Security

Security at misquoted.

We measure how accurately AI describes other people's brands. That means we have to take a stricter line on our own.

Last reviewed · June 10, 2026
Passwordless sign-in
Passkeys + TOTP; no passwords stored
Encrypted in transit and at rest
TLS at the edge; provider-encrypted storage
Stripe-handled payments
We never see or store card numbers
Where we stand

The honest version.

We measure how accurately AI describes other brands, so we won't overstate our own posture. Here's what's true today across infrastructure, authentication, encryption, and compliance — and what we're still working toward.

01 / Infrastructure
Cloudflare edge, U.S.-region database.

The app runs on Cloudflare Workers at the edge; customer data lives in a U.S.-region PostgreSQL database, reached over Cloudflare Hyperdrive. The database connection uses TLS. Cloudflare's network sits in front of every request with DDoS protection and a WAF.

  • U.S.-region managed PostgreSQL, via Cloudflare Hyperdrive
  • Cloudflare DDoS protection and WAF on every request
  • Application-to-database connections require TLS
02 / Authentication
Passkeys and TOTP, passwordless by default.

There is no password to phish, leak, or reuse. Sign-in is a passkey or a one-time magic link; TOTP is supported as a second factor. Recovery codes are stored as scrypt hashes — never in plaintext — and reset attempts are rate-limited.

  • WebAuthn passkeys and email magic-link sign-in
  • TOTP second factor (RFC 6238)
  • Recovery codes hashed with scrypt; rate-limited verification
03 / Encryption
TLS in transit, encrypted at rest.

Traffic to misquoted is served over TLS, terminated at the Cloudflare edge. The database and its backups are encrypted at rest by our managed database provider. Auth endpoints carry HSTS and a strict set of security headers.

  • TLS for all traffic, terminated at the Cloudflare edge
  • HSTS and strict security headers on authentication endpoints
  • Database and backups encrypted at rest by the provider
04 / Compliance roadmap
Where we are, stated plainly.

misquoted launched in 2026 and we are early. We are a small team, and we will not claim certifications we do not hold. Here is what is true today and what we are working toward.

  • No SOC 2 report yet — it is on our roadmap, not in hand
  • No third-party penetration test on file yet
  • GDPR-aligned data handling; DPA available on request
  • We will link the artifact here the day a certification is real
Scan data, specifically

How we handle what we learn.

When you scan a domain, we generate a query set, send those queries to third-party AI models, and store the responses verbatim alongside the scores we derive. That bundle is the report. Without it, the report cannot exist.

The report is yours. It's encrypted at rest and scoped to your account — every read is checked against the workspace it belongs to. We do not share it with other customers, and we do not surface it on the public leaderboard unless you explicitly opt in.

For methodology improvement, we aggregate query patterns and scoring signals across all scans — never the raw responses, never anything identifiable. The aggregations stay inside the company.

We do not train AI models on your data. We are not in the foundation-model business and have no plans to be. If our policy on this ever changes, you'll see a 30-day notice email, and the change will be opt-in only.

Controls in place today

What's actually wired up.

Not a wish list. These run in the product right now.

Account-scoped access. Every report, scan, and setting is bound to the workspace that owns it, and each request is checked against that boundary before any data is returned.

Audit-logged admin actions. When a member of our team takes a sensitive action on an account — a refund, a suspension, an impersonation session — it is recorded with the actor, the target, and the time before it is allowed to proceed.

Stripe-handled payments. Card details go straight to Stripe and never touch our servers. We store a Stripe reference and your subscription state — never a card number.

Delete a workspace, stop the billing. Deleting a workspace cancels its Stripe subscriptions in the same step — synchronously, not on a delayed job — so a removed workspace is never billed. The workspace is then flagged for deletion and its data removed on our retention schedule.

Per-event email control. Drift alerts, competitor moves, model-release notices, product news — each category is its own switch. One-click unsubscribe (RFC 8058) is honored straight from your inbox, no login required.

!
Found a vulnerability? Tell us.

We run a responsible-disclosure program. There's no formal bug bounty yet, but we read every report and aim to acknowledge within one business day. Email us and we'll take it from there.

security@misquoted.ai