Security & Data Protection

1. Secure Authentication

• Encrypted password storage using strong hashing
• Session-based authentication with secure cookies
• Automatic session validation and expiration

2. Access Control

• Role-based access within each business
• Strict tenant isolation (data separated per business)
• Authorization checks on all protected routes

3. Data Transmission Security

• All traffic is encrypted over HTTPS
• Secure handling of authentication tokens
• Protection against common network-level attacks

4. Public Link Protection

RFQForge uses secure, unguessable public IDs for quote and order status pages.

• No login required, but access is link-based
• Pages are not indexed by search engines
• Rate limiting is applied to prevent abuse

Businesses control how these links are shared with their customers.

5. Abuse Prevention

• Rate limiting on login, RFQ submissions, and public pages
• Bot protection via honeypot fields
• Safeguards against brute-force and spam attempts

6. Infrastructure Security

• Managed infrastructure providers for hosting and storage
• Environment-based configuration and secret management
• Regular dependency and platform updates

7. Data Integrity

• Structured data models for RFQs, quotes, and orders
• Audit logs for key operational changes
• Controlled state transitions for workflows

8. Monitoring and Response

• Logging for system activity and errors
• Detection of unusual or abusive behavior
• Ability to suspend or restrict accounts when necessary

9. Shared Responsibility

Security is a shared responsibility. Businesses using RFQForge should:

• Protect their account credentials
• Share public links responsibly
• Avoid uploading unnecessary sensitive data

10. Related Policies

For more details on how data is handled, see:

• Privacy Policy
• Terms of Service

11. Contact

For security-related questions or to report a vulnerability:

Email: support@rfqforge.com