Skip to content
Q
QuoteNode

Security & Data Ownership

QuoteNode is built for organizations that treat commercial data as a strategic asset. Every architectural decision prioritizes isolation, auditability, and operator control.

Single-Tenant Isolation

Every QuoteNode instance runs in isolation. Your database, file storage, application process, and network perimeter belong to your deployment. There is no shared SaaS database and no cross-customer tenant mixing.

This is not a claim about logical separation inside one vendor-owned platform. It is physical isolation at the deployment level.

Self-Hosted Deployment

You choose where your data lives. Deploy on a laptop for evaluation, on a LAN server for internal use, on a public VPS, or through a platform such as Coolify. QuoteNode can run without telemetry, analytics callbacks, or license-server pings.

The system ships as Docker containers with Docker Compose templates. You control the infrastructure, network topology, backup strategy, DNS, TLS, and access perimeter.

For topology-specific guidance, see Installation Options.

Authentication & Access Control

  • Role-based access control (RBAC) with Admin, Manager, Salesperson, Viewer, and public-link access paths.
  • Per-endpoint permission checks — API calls are authorized against the caller’s role and permissions.
  • Session-based authentication with secure cookie handling and configurable session behavior.
  • Two-factor authentication (TOTP) — optional for users and enforceable for administrators when enabled.
  • Brute-force protection — repeated login failures are throttled and locked out.
  • Operational feature controls — administrators can enable or disable workflow features such as deal pipeline and task board per tenant.

Audit Trail

Every mutation in the system is recorded in an append-only audit log:

  • who performed the action,
  • what changed,
  • when it happened,
  • which request context was involved.

The audit log provides a chain of custody for offers, customer records, operational documents, and configuration changes.

Public offer links are protected by multiple layers:

  • Cryptographic tokens — random link tokens are stored as hashes rather than plaintext.
  • Optional password or PIN protection — sensitive links can require an extra secret.
  • Revocable access — any link can be revoked by the operator.
  • Rate limiting and lockout — repeated abusive attempts are slowed or blocked.
  • Email verification — named-customer offers can require an email challenge before access.
  • Bot detection — timing checks and honeypot fields help reject automated submissions.
  • Interaction tracking — opens, downloads, replies, and decisions can be logged for sales follow-up.

Security still depends on deployment topology. A link generated for localhost is not usable by an external client. A LAN-only link is reachable only from that network or VPN. External client links require a public domain, HTTPS, and correct reverse-proxy/firewall configuration.

Data Protection

  • Encryption in transit — use HTTPS for public or untrusted networks.
  • Encryption at rest — delegated to your host, disk, volume, or storage provider.
  • Optional application-level PII encryption — when enabled, selected personally identifiable fields are encrypted before storage.
  • Secret-based token protection — timing tokens, public-link password sessions, database credentials, and encryption keys must be protected in deployment secrets.
  • IP anonymization options — deployments can be configured to reduce retained IP data for privacy programs.
  • No default analytics dependency — QuoteNode does not require third-party analytics or tracking pixels to operate.

Protect .env and platform secrets carefully. Losing DB_ENCRYPTION_KEY can make encrypted fields unrecoverable if application-level encryption is enabled. Rotating public-link and timing secrets can invalidate existing security tokens or sessions.

Backup & Disaster Recovery

Your data is only as safe as your ability to recover it.

QuoteNode supports:

  • scheduled database and file backups,
  • local backup retention,
  • optional remote upload through rclone-supported providers,
  • optional GPG encryption,
  • admin-visible backup status,
  • restore procedures for recovery scenarios.

Backups must include both database data and application file storage. Test restores before relying on a backup policy, especially before upgrades.

For the full guide, see Backup & Recovery.

Immutable Offer Snapshots

When an offer is sent, the system captures a complete immutable snapshot of the customer-facing commercial state. That snapshot is the source of truth for public rendering, PDF generation, auditability, and later operational documents.

Snapshots protect historical understanding when catalog data, pricing, branding, or customer data changes after the offer was sent.

Operational Document Caution

QuoteNode can generate post-acceptance operational documents such as sales confirmations, supplier purchase orders, and experimental proforma invoices.

During beta, proforma invoices must be treated as an experimental module. Generated proforma documents are not a substitute for accounting, tax, VAT, fiscal, or e-invoicing systems. Operators are responsible for checking local legal requirements before sending them to customers.

Licensing Security

QuoteNode licenses are Ed25519-signed files verified locally. The application does not need to call an external license server to keep running.

Do not enable LICENSE_SKIP_SIGNATURE_CHECK=true in real beta or public deployments. That setting disables license authenticity verification and is acceptable only for disposable local development environments.

Release Awareness

When enabled, the admin license view can check a public release manifest such as https://quotenode.dev/releases/latest.json and show that a newer release is available. This is a version-awareness feature, not telemetry: the instance reads a public JSON file and does not need to identify itself to QuoteNode.

Focused Administration Areas

Settings, Security, Backup, Diagnostics, and Audit now work as separate operator views, which is clearer than a single overloaded control panel.

Security Workspace

Automated Backup Management

Scheduled database backups with retention policies, restore options, and health monitoring.

Backup Overview

Full Audit Trail

Every significant action is logged with actor, timestamp, and details for compliance and troubleshooting.

Audit Log

Ready to own your data?

Free for freelancers. Reasonably priced for teams. Deploy in minutes with Docker Compose.