SOC 2 Type II
Our infrastructure providers maintain SOC 2 Type II compliance, demonstrating independently audited controls for security, availability, and confidentiality.
Security
Trusted, secure,
and private
QuoteLogic is built to protect your pricing data, workflows, and customer information using trusted infrastructure partners.
Built on WorkOS, Convex, and Stripe.
Enterprise-grade security
Built on trusted infrastructure
Independently audited infrastructure and security controls designed to protect your data and workflows.
HIPAA-ready infrastructure
Our infrastructure providers support HIPAA-ready environments, enabling customers to meet healthcare data requirements through appropriate agreements and configurations.
GDPR-aligned data practices
Our providers support GDPR-aligned data handling and processing, helping customers meet European data protection requirements.
Access and security controls
Access to systems and data is enforced through secure authentication, controlled access patterns, and continuous monitoring.
Audited infrastructure
Our providers undergo regular third-party security audits, vulnerability scanning, and penetration testing.
Application Security
QuoteLogic uses modern browser and application security controls, including Content Security Policy (CSP), to help restrict unauthorized scripts and resources.
Identity management
Powered by WorkOS.
Secure authentication and access control designed to support enterprise identity systems and organizational workflows.
Single sign-on (SSO)
Authenticate users through their organization's identity provider using standards such as SAML and OIDC, eliminating the need for separate credentials.
Directory sync (SCIM)
Automate user provisioning and deprovisioning through enterprise directory systems, ensuring access is aligned with organizational changes.
Role-based access control
Manage access through roles and permissions, allowing organizations to define and enforce access policies across users and teams.
Audit logs
Track key actions within the application, providing a clear record of user activity for security, visibility, and compliance needs.
Domain verification
Allow organizations to verify ownership of their domain, helping ensure users are associated with the correct organization.
Secure authentication
Authentication is handled through secure, modern authentication flows, with session management and controlled access to application data.
Privacy
Your data is safe
Privacy is built into how QuoteLogic works. Your data stays within your workflows and is never used outside the service.
Data encryption
All data is encrypted in transit using TLS, and encrypted at rest through our trusted infrastructure providers.
Controlled access
Access to data is restricted to authenticated users and governed by secure authentication and access controls.
Device storage
Data stored on your device for application performance, preferences, and offline use is cleared on logout or session expiration and restored securely after authentication.
Data governance
Your data is handled only for the purpose of providing the service and is not sold, rented, or traded.
Enterprise
Enterprise-ready by design
QuoteLogic can support enterprise security, compliance, and data requirements through additional agreements and review processes.
Enterprise agreements
Support for Master Services Agreements (MSA), Data Processing Agreements (DPA), and security addendums.
Security reviews
We work with your team to complete security questionnaires and technical reviews as needed.
Flexible data handling
Data residency, retention, and access requirements can be addressed based on your organization's needs.
Trusted partners
Built on trusted infrastructure
QuoteLogic is built on trusted infrastructure providers for identity, data storage, payments, and monitoring. Each provider maintains rigorous security and compliance programs.
WorkOS
Authentication and identity infrastructure powering secure login, SSO, and enterprise identity workflows.
workos.com/security trust.workos.comConvex
Application data storage and backend infrastructure with encrypted data and audited security practices.
convex.dev/securityStripe
Payment processing provider with PCI-compliant infrastructure and industry-leading financial security controls.
stripe.com/securityPostHog
Usage analytics platform with privacy-focused product analytics and data controls.
posthog.com/handbook/company/securitySentry
Error monitoring and application observability platform designed for secure debugging and reliability.
sentry.io/securityBuilt on trusted infrastructure providers with independently audited security and compliance programs.