Security at ai-rfq
Procurement data is sensitive. ai-rfq keeps access, transport, storage, and AI processing boundaries explicit.
Encryption in Transit
Browser and API traffic is served over HTTPS. Production deployments are expected to redirect plain HTTP to HTTPS at the reverse proxy or load balancer.
Storage Controls
Application data is stored in the configured PostgreSQL database, and quote files are stored through the configured object-storage adapter. Access is mediated by authenticated API requests.
Workspace Boundaries
Protected requests are scoped to the active workspace, so users operate only on data that belongs to their organization.
Authentication
The application supports credential login, SAML-based sign-in, and session validation on protected server requests. Passwords are hashed before storage.
AI Document Processing
RFQ and quote-processing features call the configured Volcengine Ark / Doubao OpenAI-compatible endpoint. Only the content needed for the user-triggered workflow is sent for processing.
Hosting Infrastructure
ai-rfq is designed for separate regional deployments, health checks, and reverse-proxy TLS termination so China and international traffic can be operated independently.
Found a vulnerability?
We take security reports seriously and appreciate responsible disclosure. If you discover a potential security issue, please email us directly rather than posting publicly. We aim to respond within 48 hours.