Trust & Security
Security & data protection
Project Quant handles some of the most sensitive financial data in M&A. Here's how we protect it at every layer.
Tenant isolation
Row-level security on every table. Users only ever see data for projects they belong to — enforced in Postgres, not at the application layer.
Encryption
TLS 1.2+ in transit; AES-256 at rest for all storage and database volumes. Backups encrypted with separately managed keys.
Audit trail
Every adjustment, mapping change, and document approval is logged with actor, timestamp, and before/after values — exportable for QoE workpapers.
Authentication
Email + password with breach-list protection (HIBP) and a minimum 8-character password requirement. Session tokens rotate automatically.
Least privilege
Project membership is role-scoped (Lead, Analyst, Target). Target company users see only the upload portal — never the analysis.
Backups & recovery
Daily automated backups with point-in-time recovery up to 7 days. Quarterly restore drills.
Infrastructure
Project Quant runs on a managed Postgres + edge-compute platform hosted with tier-1 cloud providers. All compute is regionalized; data residency options are available on enterprise plans.
AI processing
AI-assisted features call vetted model providers under zero-data-retention configurations. Your diligence data is never used to train third-party models. AI suggestions always flow through analyst review before becoming part of the audit trail.
Vulnerability management
Dependencies scanned continuously for known vulnerabilities. Production releases gated on security checks. Annual third-party penetration testing on enterprise plans.
Incident response
We will notify affected firm owners within 72 hours of confirming a security incident that involves their data, in line with applicable law.
Reporting a vulnerability
Found something? Email security@projectquant.app. We acknowledge within one business day and credit researchers in our security hall of fame on request.