Security
QuoteStep uses access controls, server-side validation and controlled client links to protect the records that move work from quote to payment.
Signed-in pages and business records require an authenticated user session.
Quote, invoice and portal links use hard-to-guess tokens and expose only the shared client record.
Important actions are validated on the server before quotes, invoices, payments or account records change.
Provider secrets belong on the server and are not intentionally exposed in browser code or public pages.
QuoteStep does not currently claim external security certifications. Information on this page is limited to safeguards built into the product and its operating setup.
No service can guarantee absolute security. Customers should keep account access controlled, share client links carefully and report suspected access issues promptly.
Security concerns can be reported to contact@quotestep.co.uk.