Security
Your Data Is Safe with Us
Q-Flow is built with enterprise-grade security at every layer. Here's how we protect your business and your customers.
Encryption in Transit
All data transmitted between your browser and Q-Flow is encrypted using TLS 1.3, the latest standard in transport layer security.
Encryption at Rest
All stored data is encrypted with AES-256 encryption. Database backups are encrypted and stored in geographically redundant locations.
Row-Level Security
Every database table is protected by row-level security (RLS) policies. Businesses can only access their own data — complete tenant isolation by design.
PCI-DSS Compliance
All payment processing is handled by Stripe, a PCI-DSS Level 1 certified processor. Q-Flow never stores, transmits, or has access to your credit card numbers.
Authentication Security
User authentication is powered by Supabase Auth with PKCE flow, cryptographically hashed passwords, and secure HTTP-only session cookies. Magic link and OAuth options available.
Abuse Prevention
Rate limiting, IP-based throttling, and queue token validation protect against spam, bot abuse, and denial-of-service attempts on your queue.
Infrastructure & Uptime
Q-Flow runs on globally distributed cloud infrastructure with automatic failover, daily encrypted backups, and continuous monitoring. We target 99.9% uptime so your queue is always available when your customers need it.
99.9%
Uptime Target
AES-256
Encryption
TLS 1.3
In Transit
Found a vulnerability? Report it responsibly.