Security & Trust

Effective 5 June 2026 · Current state — no aspirational claims


This page lists only what is technically implemented today. We do not list aspirational measures or certifications we have not yet completed.

What we do today

AES-256-GCM field encryption at rest

Decision text and AI analysis stored in the database are encrypted at the field level using AES-256-GCM before storage. Encrypted fields are decrypted only at read time within the application.

Passwordless magic link authentication

Quorum uses time-limited magic links sent to your email for authentication. No passwords are stored. Authentication is handled via Supabase Auth with PKCE flow.

HTTPS / TLS in transit

All data between your browser and Quorum servers is transmitted over HTTPS using TLS. The application is served from Railway with TLS termination enforced.

Row-level security (RLS) on the database

Supabase PostgreSQL row-level security policies are enforced across all user-scoped tables. Authenticated users can only read and write rows associated with their own account.

US-based hosting infrastructure

The Quorum application runs on Railway (US) and the database is hosted on Supabase (US). No user data is stored in jurisdictions with inadequate data protection standards.

No advertising, no data selling

Quorum does not serve advertising, does not sell user data, and does not share decision content with any third party except the AI processing service used to generate analysis.

AI processing with no training use

Your decision text is processed by an AI service solely to generate your Council analysis. The AI provider does not use your submissions to train its models.

Encryption key rotation tooling

A rotation script (scripts/rotate-encryption-key.ts) re-encrypts all database columns from an old AES-256-GCM key to a new one without downtime. Rotation is performed manually on a deliberate schedule to ensure human oversight of a sensitive cryptographic operation.
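
The rotation described above, as an added example that is not Quorum's scripts/rotate-encryption-key.ts: each encrypted field carries the id of the key that produced it, so reads succeed under either key while rows are being re-encrypted. The envelope layout, the key ids `k1` and `k2`, the function names and the in-memory rows are assumptions made for illustration.

```javascript
// Added example: versioned AES-256-GCM field encryption with key rotation.
// Envelope format, key ids and function names are assumptions, not Quorum's code.
const crypto = require("node:crypto");

// Encrypt one field. Envelope: keyId.iv.tag.ciphertext (base64url parts).
function encryptField(plaintext, keyId, keys) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce for every encryption
  const cipher = crypto.createCipheriv("aes-256-gcm", keys[keyId], iv);
  cipher.setAAD(Buffer.from(keyId)); // bind the key id to the ciphertext
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  const parts = [iv, cipher.getAuthTag(), ct].map((b) => b.toString("base64url"));
  return [keyId, ...parts].join(".");
}

// Decrypt with the key the envelope names; throws if the data was altered.
function decryptField(envelope, keys) {
  const [keyId, iv, tag, ct] = envelope.split(".");
  if (!keys[keyId] || ct === undefined) throw new Error("unknown key or bad envelope");
  const d = crypto.createDecipheriv("aes-256-gcm", keys[keyId], Buffer.from(iv, "base64url"));
  d.setAAD(Buffer.from(keyId));
  d.setAuthTag(Buffer.from(tag, "base64url"));
  return Buffer.concat([d.update(Buffer.from(ct, "base64url")), d.final()]).toString("utf8");
}

// Re-encrypt every row not yet under newKeyId. Rows already rotated are
// skipped, so an interrupted run can be restarted safely.
function rotateRows(rows, newKeyId, keys) {
  let rotated = 0;
  for (const row of rows) {
    if (row.value.startsWith(newKeyId + ".")) continue;
    row.value = encryptField(decryptField(row.value, keys), newKeyId, keys);
    rotated++;
  }
  return rotated;
}

// Constructed sample data: two rows under the old key, one already rotated.
const keys = { k1: crypto.randomBytes(32), k2: crypto.randomBytes(32) };
const rows = [
  { id: 1, value: encryptField("Accept the offer?", "k1", keys) },
  { id: 2, value: encryptField("Move to Lisbon?", "k1", keys) },
  { id: 3, value: encryptField("Already rotated", "k2", keys) },
];
```

Once `rotateRows(rows, "k2", keys)` reports that no rows remain under `k1`, the old key can be removed from the key set.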

Vulnerability disclosure programme

A machine-readable disclosure policy is published at /.well-known/security.txt per RFC 9116. Report issues to security@quorumvault.org. We acknowledge valid reports within 5 business days and target remediation of critical issues within 30 days.

What we do not yet have

We believe transparency about our current limitations is more valuable than unverifiable security claims. The following are not yet in place:

SOC 2 Type II certification
Independent penetration testing
Multi-factor authentication (MFA)
Automated scheduled key rotation
Dedicated security operations centre

Reporting a security concern

If you discover a potential security issue, please report it via the Privacy Center in the app's Settings. We will acknowledge all valid reports within 5 business days and aim to remediate critical issues within 30 days.

Your data rights

You can export or delete your data at any time via the Privacy Center. For full details on how we handle your data, see the Privacy Policy.