QuickGPT
Legal

Security

Last updated June 22, 2026

QuickGPT (a subsidiary of UpPluck Social LLC) takes the security of customer data seriously. This page summarizes the controls we have in place today. It describes our current practices and is not a certification or independent audit. Security is a shared responsibility between QuickGPT, our platform and subprocessors, and you as the customer.

Platform and hosting

  • QuickGPT is built on Lovable Cloud, which provides managed hosting, authentication, database, and storage.
  • All traffic to QuickGPT is encrypted in transit using HTTPS / TLS.
  • Data at rest in our managed database and storage is encrypted by the platform.

Authentication and access

  • Sign-in is handled by the platform's managed authentication service. Passwords are never stored in plaintext.
  • Google sign-in is supported for users who prefer single sign-on.
  • Administrative access to production data is restricted to a small number of authorized personnel and is granted on a least-privilege basis.

Application controls

  • Row-level security policies in the database scope user data to the owning account and organization.
  • Server-side checks enforce that one user cannot read or modify another user's conversations, images, wallet, or organization data.
  • Privileged actions (such as role grants or admin operations) require an authenticated session and an explicit admin role check.
  • Secrets such as third-party API keys are stored in encrypted environment storage and are never exposed to the browser.

Data handling

  • Prompts, files, and images you submit are sent to the AI provider you select to produce a response. We do not use your content to train our own foundation models.
  • Conversation history, generated images, and account information are stored so the service works across sessions.
  • You can delete individual conversations or images at any time, and request full account deletion at hello@quickgpt.com.

Payments

Payment information is handled by a PCI-compliant payment processor. QuickGPT does not store full payment card numbers on our systems.

Monitoring and incident response

  • We monitor application and platform logs for errors and abnormal activity.
  • If we become aware of a security incident that affects your account, we will notify affected users without undue delay and in accordance with applicable law.

Customer responsibilities

To keep your account secure, we ask that you:

  • Use a strong, unique password (or sign in with Google).
  • Do not share your account credentials or session links.
  • Review the AI provider's terms before submitting sensitive content, and avoid submitting regulated data (e.g., protected health information, payment card numbers) to AI models.
  • Promptly remove access for organization members who no longer need it.

Reporting a vulnerability

If you believe you have found a security vulnerability in QuickGPT, please email hello@quickgpt.com with details and steps to reproduce. Please give us a reasonable opportunity to address the issue before any public disclosure. We appreciate responsible reporting and will acknowledge legitimate reports.

Compliance posture

QuickGPT honors applicable U.S. consumer privacy rights, including those under the California Consumer Privacy Act (CCPA). We do not currently hold SOC 2, ISO 27001, HIPAA, or PCI certifications. If your organization requires a specific compliance posture, contact us at hello@quickgpt.combefore submitting regulated data.

This page is maintained by QuickGPT (a subsidiary of UpPluck Social LLC) to answer common questions about how QuickGPT operates. It is informational and not a certification or independent audit. Questions? Email hello@quickgpt.com.