QuillMD
Start free trial
Security

Security practices

Last updated: 2026-04-20

[DRAFT — PENDING LEGAL REVIEW]

This page summarizes how QuillMD is built and operated. It's a transparent operational statement, not a marketing claim. If you need a signed SOC 2, ISO 27001, or HITRUST report, see "Certifications" below.

Application

  • Auth via NextAuth (Auth.js v5) with JWT sessions, bcrypt-12 password hashing, 5-attempt lockout with 15-minute cooldown.
  • Single-session enforcement: a new login revokes prior sessionTokens so stolen JWTs stop resolving.
  • Every API route validates session + per-record ownership before serving data; cross-user access returns 404 to prevent ID enumeration.
  • Structured input validation via Zod on every request that accepts user data.
  • File uploads are size-capped (500 MB audio, 50 MB dictation) and MIME-validated before being streamed to object storage.

Infrastructure

  • All services run in Docker containers on a dedicated VPS. No shared-tenant compute.
  • Postgres (with pgvector for embedding workloads), Redis (BullMQ broker), and MinIO (S3-compatible object storage) are bound to localhost on the VPS. Public traffic enters only through Caddy.
  • Caddy serves as the public edge; TLS is handled by Let's Encrypt with auto-renewal once a domain is configured.
  • Secrets live in a root-owned .env file on the VPS only; .env* is gitignored.

Data handling

  • TLS 1.2+ for every outbound call to AI providers, email, and the browser.
  • At-rest encryption inherits from the VPS provider's disk encryption.
  • A PHI scrubber (redactPhi) masks emails, phone numbers, and SSNs in error logs and Sentry events. Free-text fields above a length threshold collapse to length markers.
  • Audio retention defaults to 90 days; transcripts retain for 7 years per HIPAA.

Operations

  • Secrets rotated quarterly (JWT, AI provider keys) per our internal rotation runbook.
  • Every deploy is preceded by a pg_dump backup; rollback path is documented.
  • Production error surfacing via Sentry on the CRM app; transcribe-md Sentry integration is in progress (tracked in the T-M15 audit).
  • Vulnerability disclosure: email security@ashtechgroup.com. We aim to acknowledge within 48 hours. Please do not open GitHub issues for security reports.

Certifications

QuillMD does not currently hold a SOC 2, ISO 27001, or HITRUST certification. Our launch target is SOC 2 Type 2 readiness within 12 months of general availability. Our HIPAA posture is covered by BAAs and operational controls rather than third-party audit today.

Known gaps (transparent)

We publish pre-launch audit findings. See our internal docs/T-M15-AUDIT-REPORT.md (available on request for prospects under NDA) for the current queue of hardening work.

Contact

Security: security@ashtechgroup.com.