Security at Quill

We undergo regular white-box pen tests, and continously invest in industry leading security best practices. In the near future we plan on supporting end-to-end encryption.

HTTPS and HSTS for secure connections

Quill forces HTTPS for all services using TLS (SSL), including our public website. Our apps only connect with our API over TLS.

We use HSTS to ensure that browsers interact with Quill only over HTTPS. We're also in the process of becoming members of the HSTS preloaded lists for both Google Chrome and Mozilla Firefox.

Encryption at rest and in transit

All data are encrypted at rest with AES-256. Decryption keys are stored on separate machines. In addition, all data are encrypted in transit.

Vulnerability disclosure

We don't currently offer a reward program, but we plan on offering one in the future. In the interim, please disclose vulnerabilities by chatting with us directly via your support thread ↗