Security & trust
Oversight you can defend
LoopQuest is used where review is a regulatory requirement, often over sensitive data. So isolation, auditability and least-privilege access are built into the foundations — here's how.
Access control
Row-level security everywhere
Every table enforces Postgres row-level security. Reviewers see only the projects they belong to — there is no shared pool, and isolation is enforced at the database, not just the app.
Role-based workspaces
Org members hold owner / admin / reviewer / viewer roles. Member, key and invite management is gated to admins and owners.
Hashed, revocable API keys
Each project has its own ingest keys, shown once and stored only as SHA-256 hashes. Revoke any key instantly; a key only ever reaches its own project's data.
Server-side authorisation
Privileged writes run through role-checked server actions using a service-role credential that is never exposed to the browser.
Data protection
Encryption in transit
All traffic is served over HTTPS/TLS, end to end.
Least privilege
Clients only ever hold the public anon key under RLS. The service-role key is server-only and tightly scoped to trusted operations.
Controller / processor clarity
For the task content you submit we act as your processor, processing it only to provide the service. See the Privacy Policy and request a DPA.
Deletion & portability
Account and workspace data can be exported or deleted on request, subject to legal retention duties.
Auditability
Tamper-evident audit log
Every reviewed item is recorded with its verdict, reviewer and timestamp — and whether it was a decoy, expected versus actual.
Provable decoys
The Decoy Matrix is seeded and deterministic, so you can demonstrate exactly which tasks were probes and how each reviewer responded.
Automation-bias metrics
Per-reviewer catch-rate and accuracy give you evidence that oversight is real and engaged, not nominal.
Infrastructure
Built on certified providers
LoopQuest runs on Supabase (managed Postgres, auth, storage) and Vercel (hosting), with Resend for email — providers that maintain recognised security certifications such as SOC 2.
Managed backups
Data lives in managed Postgres with the provider's backup and recovery tooling.
Authentication
Sign-in uses Supabase Auth with email confirmation and the PKCE flow; sessions are HTTP-only cookies, refreshed server-side.
Where we are
LoopQuest is an early-stage product. We build on certified infrastructure but are not yet independently audited (e.g. SOC 2 / ISO 27001). We're happy to discuss your specific security and data-processing requirements.
Responsible disclosure
Found a vulnerability? Please report it privately to security@tomphillips.uk and give us reasonable time to remediate before any disclosure.