Trust & Security

• Contractor accounts are protected by email and password authentication.
• Passwords are never stored in plain text — they are hashed and managed by our authentication provider.
• Each contractor only sees their own quotes, change orders, job debriefs, and settings. Row-level access rules enforce this on the database, not just in the app UI.
• Customer quote share links use unguessable, per-quote tokens and are marked noindex so they don't show up in search engines.

• TradeShield runs on the Lovable Cloud platform, which uses Supabase for its database and authentication layer.
• Traffic to tradeshieldsolutions.com is served over HTTPS with TLS provisioned automatically by the platform.
• Database backups and infrastructure security are handled by the underlying Lovable Cloud / Supabase platform.

• Account data: email address and the business profile you enter in Settings (business name, license, contact details, default rates).
• Job data: the quotes, change orders, customer names/addresses, and debrief notes you create inside the app.
• Feedback: messages you submit through the in-app feedback button.
• Data is used only to operate the app for you. We do not sell your data or your customers' data to third parties.

• Account emails (signup confirmation, password reset, magic links) are sent from notify.tradeshieldsolutions.com through the Lovable email infrastructure.
• Bounces and complaints are recorded so we stop emailing addresses that don't want to hear from us.
• TradeShield does not send marketing or newsletter emails — only transactional messages tied to your account or jobs.

• Your data is kept for as long as your account is active so you can come back to past quotes and jobs.
• You can request deletion of your account and associated data at any time by emailing zwatkins42@gmail.com.
• Logged-out devices can also wipe local app data from /clear-data.

If you believe you've found a security vulnerability in TradeShield, please email zwatkins42@gmail.com with details and steps to reproduce. We'll acknowledge your report and work with you on a fix. Please give us a reasonable window to respond before disclosing publicly.

TradeShield is responsible for the application code and the security controls described above. The Lovable Cloud / Supabase platform is responsible for the underlying infrastructure, database hosting, and TLS. As the account holder, you are responsible for keeping your password safe, sharing customer quote links only with the intended recipient, and entering accurate customer details.