MQS™
Data Security

Your data never leaves your control

Your metadata is uploaded to temporary encrypted storage, processed, and then automatically deleted. Scoring data is processed through secure, isolated API calls with zero retention. When analysis completes, the source data is gone.

How Your Data Is Handled

MQS analyzes the structure and patterns in your metadata. It does not retain, index, or search your file contents.

Temporary Encrypted Storage

Uploaded files are temporarily stored in encrypted cloud storage during processing, then automatically deleted upon completion. No file data is retained after your analysis finishes.

Complete Data Isolation

Each analysis runs independently. Your data is never mixed with other clients' datasets, used for model training, or referenced by any other session.

Zero Data Retention

When your analysis completes, the source file is automatically deleted from storage. MQS retains your score and report metadata. The underlying file contents are gone.

No Third-Party Sharing

Your raw file contents are never stored or shared. Scoring data is processed through secure, isolated API calls with zero retention. No data is used for model training or advertising.

What We Store

MQS retains only the metadata needed to display your report. Nothing from your file contents is kept.

What MQS Retains
  • Filename (as you provided it)
  • Row and column counts
  • Computed quality score and governance band
  • Labels you entered (company name, platform, dataset label)
  • Timestamp of analysis
What MQS Does Not Retain
  • File contents or raw cell values
  • Individual field data from your metadata
  • Vocabulary lists or tag values
  • Descriptions, alt text, or freeform content
  • Any data that could reconstruct your original file

You can delete any report from your dashboard at any time. Deletion is immediate and permanent. Upon account deletion, all associated report metadata is removed within 30 days.

Prohibited Data

MQS is built for metadata exports from DAM, PIM, CMS, and MAM platforms. It is not designed for regulated or sensitive data.

HIPAA Disclaimer

MQS is not HIPAA-compliant. The Service does not enter into Business Associate Agreements (BAAs) and is not a Business Associate, subcontractor, or agent of any user pursuant to HIPAA. Uploading Protected Health Information is prohibited under the Data Upload Terms.

The following data types are prohibited from upload:
  • Protected Health Information (PHI) as defined under HIPAA
  • Payment card data subject to PCI-DSS
  • Social Security numbers or government-issued IDs
  • Financial account numbers (bank accounts, routing numbers)
  • Authentication credentials (passwords, API keys, tokens)
  • Data subject to FERPA, GLBA, or COPPA unless you have independently ensured compliance
Infrastructure Security

Security is enforced at every layer, from transport to database.

HTTPS + HSTS

All traffic is encrypted in transit. Strict Transport Security is enforced with a two-year max-age, includeSubDomains, and preload directives.

Security Headers

Every response includes X-Frame-Options (DENY), X-Content-Type-Options (nosniff), Referrer-Policy, and Permissions-Policy to prevent clickjacking, MIME sniffing, and unauthorized feature access.

Passwordless Authentication

Login is handled via secure magic link email, powered by Supabase Auth. No passwords are stored, transmitted, or at risk of being compromised.

Row-Level Security

Every database table enforces row-level security. Queries are scoped to the authenticated user. No user can access another user's reports or data.

Third-Party Services

MQS uses a small number of infrastructure providers. None of them receive your raw file contents. AI-generated narrative sections are produced via isolated API calls that receive only computed scores and field-level metrics, not your source data.

Supabase
Authentication, database, and temporary file storage
Stores user accounts and report metadata. Uploaded files are held in encrypted storage during processing and automatically deleted upon completion.
Railway
Application hosting
Hosts the MQS application. All traffic encrypted via HTTPS. No raw file data is persisted to the host.
Stripe
Payment processing
Handles all payment card data. Card numbers, CVVs, and billing details never touch MQS servers.
Anthropic
AI narrative generation
Generates report narrative text from computed scores and field metrics. Receives no raw file contents. Data is not stored or used for model training per Anthropic's API data policy.
Loops
Email communications
Delivers transactional and marketing email. Receives only your email address.
Upload Consent

Every user must accept the Data Upload Terms before their first analysis. This is enforced at the application level.

1
First-time uploaders

See a four-point summary of data handling practices, a link to the full Data Upload Terms, and a required checkbox confirming their file does not contain protected health information or other prohibited data. The analysis button is disabled until the checkbox is checked.

2
Returning uploaders

See a one-line reminder that their upload is subject to the Data Upload Terms and must not contain PHI. No checkbox required on subsequent uploads.

3
Version-gated re-consent

If we make material changes to the Data Upload Terms, all users are required to re-accept the updated terms before their next upload. Acceptance is tracked with a version number and timestamp.

Questions?

If you have questions about how MQS handles your data, we are happy to help.

info@metadataqualityscore.com