
Security built for regulated industries

QualityOS is designed for FDA-regulated manufacturing. Every feature is built with audit trails, access controls, and data integrity as first principles.

  • TLS 1.3: All connections
  • AES-256: Encryption at rest
  • 100%: Audit logged actions
  • 99.9%: Uptime SLA (Pro+)

Tenant isolation

Row-level security

Every customer's data is isolated at the database level using Supabase Row Level Security (RLS). No shared tables — your lots, submissions, and COAs are invisible to other tenants by policy, not just application logic.

Database queries are parameterized and validated server-side. Direct database access requires a service-role key, which is never exposed to the client.

  • Separate RLS policies per organization
  • No cross-tenant data leakage possible at the query layer
  • Service-role credentials never sent to browser
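
One way tenant isolation of this kind can be expressed in Supabase/Postgres, as an added example that is not QualityOS's own schema or policies. The lots table, its org_id column, the current_org_id() helper and the org_id claim in the JWT's app_metadata are assumptions made for illustration.

```sql
-- Added example: hypothetical schema, not QualityOS's actual tables or policies.
-- Assumes Supabase Auth issues JWTs whose app_metadata carries an org_id claim
-- (app_metadata is set server-side; user_metadata is user-editable and unsuitable).

create table public.lots (
  id          uuid primary key default gen_random_uuid(),
  org_id      uuid not null,              -- owning tenant
  lot_number  text not null,
  created_at  timestamptz not null default now()
);

-- RLS is off by default; until it is enabled, table privileges alone decide access.
alter table public.lots enable row level security;
-- Also subject the table owner to the policies.
alter table public.lots force row level security;

-- Tenant id comes from the verified JWT, never from a request parameter.
create function public.current_org_id() returns uuid
language sql stable
as $$
  select (auth.jwt() -> 'app_metadata' ->> 'org_id')::uuid
$$;

-- Reads: only rows belonging to the caller's organization are visible.
create policy lots_tenant_select on public.lots
  for select to authenticated
  using (org_id = public.current_org_id());

-- Writes: WITH CHECK stops a caller from inserting a row for another tenant.
create policy lots_tenant_insert on public.lots
  for insert to authenticated
  with check (org_id = public.current_org_id());

-- Updates: USING limits which rows can be touched, WITH CHECK stops
-- a row from being reassigned to a different org_id.
create policy lots_tenant_update on public.lots
  for update to authenticated
  using (org_id = public.current_org_id())
  with check (org_id = public.current_org_id());

-- No policy is defined for the anon role or for DELETE: with RLS enabled,
-- the absence of a policy means the operation is denied.
-- The service_role bypasses RLS entirely, which is why that key stays server-side.
```

If the JWT has no org_id claim, current_org_id() returns NULL and every policy comparison evaluates to NULL, so the caller sees and writes nothing.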

Encryption

TLS 1.3 + AES-256

All data in transit is encrypted using TLS 1.3. Connections over HTTP are automatically redirected to HTTPS. HSTS headers are enforced with a one-year max-age.

Data at rest is encrypted with AES-256 on all Supabase storage volumes. Backups are encrypted before they leave the primary region.

  • TLS 1.3 in transit — HTTP rejected
  • AES-256 encryption at rest
  • Encrypted backups
  • HSTS enforced

Audit trail

21 CFR Part 11-aligned

Every state-changing action in QualityOS — result entry, lot disposition, COA approval, user management — is logged with the acting user, timestamp (UTC), IP address, and a reason field where required.

Audit logs are immutable. Records cannot be edited or deleted through the application. Enterprise customers can export logs on demand in JSON or CSV format.

  • Immutable event log for all state changes
  • User + timestamp + IP on every record
  • Export available for FDA or internal audits
  • Reason-for-change field on critical actions

R&D data vault

Formulation confidentiality

R&D formulation data is stored in a separate access tier, protected by additional role-based permissions. Brand clients and lab users cannot access formulation records unless explicitly granted.

Proprietary formula data is never included in COA exports or brand client views. Column-level access controls govern what each role can read and write.

  • Formulation data access-controlled by role
  • R&D data excluded from all client-facing exports
  • Column-level permission enforcement

Access controls

Role-based + MFA

QualityOS uses a multi-role access model: Admin, QA Manager, QA Analyst, Lab Contact, and Brand Client. Each role has a defined permission set — no privilege escalation without admin approval.

Multi-factor authentication (MFA) is available for all accounts and enforced by default for Admin and QA Manager roles. Session tokens expire after inactivity.

  • 5 predefined roles with locked permission sets
  • MFA required for Admin and QA Manager
  • Session expiry on inactivity
  • Admin approval required for role changes

Compliance & data rights

GDPR + CCPA ready

QualityOS is deployed on infrastructure in the United States. Enterprise customers can request data residency in the EU or other regions. We do not sell or share customer data with third parties.

GDPR and CCPA data rights — access, portability, deletion — are supported for all accounts. Data deletion requests are processed within 30 days and confirmed in writing.

  • Data residency options for Enterprise
  • No data sold to third parties
  • GDPR data subject rights supported
  • 30-day deletion SLA with confirmation

Have security or compliance questions?

Our team is happy to walk through our security architecture, answer audit questionnaires, or provide a BAA for Enterprise customers.
