Security
Your clients' photos, your lead data, and your pricing are mission-critical. Here's how we protect every byte.
Encryption at Rest & In Transit
All data (including uploaded property photos, rendered images, and client lead details) is encrypted using AES-256 at rest. All data transmitted between your device and our servers uses TLS 1.3.
Infrastructure & Hosting
CurbQuoter runs on Google Cloud/Firebase infrastructure, which provides enterprise-grade encryption out of the box. Rendering workloads run in isolated, ephemeral compute environments that are destroyed after each job completes.
Data Isolation & Authorization
We employ strict server-side quota enforcement and database-level object authorization (IDOR protection) to ensure client data and billing limits are securely isolated to the authorized contractor workspace.
Access Controls
Role-based access controls allow you to limit which team members can view client data, export leads, or modify billing. All logins are protected by email-based MFA and session tokens expire after 30 days of inactivity.
Your Client Data is Private
Homeowner photos and personal information captured through our platform are never sold to third-party data brokers. We do not use your clients' property images to train models.
Incident Response
In the event of a data incident, affected contractors will be notified within 72 hours per applicable regulations. We maintain a documented incident response plan reviewed quarterly.
Report a Security Issue
Found a potential vulnerability? We take all reports seriously and will respond within 24 hours.
security@curbquoter.com