Security & your data
In plain language: what we do to protect your account and deal data, and what control you have over it. We only list controls that are actually in place — no badge wall.
What data DealQuanta holds
Your account (name, email, a hashed password), the deal analyses you save (property numbers you type in, notes, statuses), optional report branding (logo and contact details), and your subscription status. That's it — DealQuanta is a calculator on your inputs. It never connects to your bank, never pulls your credit, and never buys data about you.
Payments — we never see your card
All billing is handled by Lemon Squeezy, our Merchant of Record and a PCI-DSS Level 1 certified payment processor. Card details go directly from your browser to them; DealQuanta's servers never receive or store card numbers. Webhooks from Lemon Squeezy to us are HMAC-signature-verified.
Infrastructure
- All traffic is encrypted in transit with TLS (HTTPS everywhere).
- The app and database run on a single virtual server hosted in the European Union.
- The database is backed up nightly on-server.
- Passwords are never stored in plain text — they are hashed with a modern key derivation function by our authentication layer.
- Access to the production server is limited to the founder, over SSH keys — there is no team-wide or third-party admin access.
We are a small product and we don't claim SOC 2 or ISO 27001 certification. If your organization needs specific answers for a vendor review, email us and a real person will answer honestly.
Your data, your control
- Private by default. Saved deals are visible only to your account. Nothing is ever shared, sold, or used to train anything.
- Share links are opt-in and revocable. A deal is only viewable by others if you explicitly create a read-only share link — and you can revoke or regenerate that link at any time, which kills the old URL immediately.
- Export anytime. From your account page you can download everything as JSON (full fidelity — every input, metric, and score) or your deal list as CSV. Export works even if your subscription has lapsed.
- Deletion is real. You can delete your account yourself from the account page — it permanently removes your account, deals, branding, and subscription records. No support ticket required.
Reporting a security issue
Found a vulnerability or something that looks wrong? Email support@dealquanta.com — it reaches the founder directly. We'll acknowledge quickly, keep you informed, and credit you if you want.
See also our Privacy Policy and Terms of Service.