LoopQuest

Security & trust

Oversight you can defend

LoopQuest is used where review is a regulatory requirement, often over sensitive data. So isolation, auditability and least-privilege access are built into the foundations — here's how.

Access control

Row-level security everywhere

Every table enforces Postgres row-level security. Reviewers see only the projects they belong to — there is no shared pool, and isolation is enforced at the database, not just the app.

Role-based workspaces

Org members hold owner / admin / reviewer / viewer roles. Member, key and invite management is gated to admins and owners.

Hashed, revocable API keys

Each project has its own ingest keys, shown once and stored only as SHA-256 hashes. Revoke any key instantly; a key only ever reaches its own project's data.

Server-side authorisation

Privileged writes run through role-checked server actions using a service-role credential that is never exposed to the browser.

Data protection

Encryption in transit

All traffic is served over HTTPS/TLS, end to end.

Least privilege

Clients only ever hold the public anon key under RLS. The service-role key is server-only and tightly scoped to trusted operations.

Controller / processor clarity

For the task content you submit we act as your processor, processing it only to provide the service. See the Privacy Policy and request a DPA.

Deletion & portability

Account and workspace data can be exported or deleted on request, subject to legal retention duties.

Auditability

Tamper-evident audit log

Every reviewed item is recorded with its verdict, reviewer and timestamp — and whether it was a decoy, expected versus actual.

Provable decoys

The Decoy Matrix is seeded and deterministic, so you can demonstrate exactly which tasks were probes and how each reviewer responded.

Automation-bias metrics

Per-reviewer catch-rate and accuracy give you evidence that oversight is real and engaged, not nominal.

Infrastructure

Built on certified providers

LoopQuest runs on Supabase (managed Postgres, auth, storage) and Vercel (hosting), with Resend for email — providers that maintain recognised security certifications such as SOC 2.

Managed backups

Data lives in managed Postgres with the provider's backup and recovery tooling.

Authentication

Sign-in uses Supabase Auth with email confirmation and the PKCE flow; sessions are HTTP-only cookies, refreshed server-side.

Where we are

LoopQuest is an early-stage product. We build on certified infrastructure but are not yet independently audited (e.g. SOC 2 / ISO 27001). We're happy to discuss your specific security and data-processing requirements.

Responsible disclosure

Found a vulnerability? Please report it privately to security@tomphillips.uk and give us reasonable time to remediate before any disclosure.