Trust, Security & Privacy

HQIC is an internal platform used by HQIC employees and managers for HR, attendance, requests, housing, fleet, and internal communications. It is not a public service and does not accept anonymous sign-ups.

Access requires an HQIC-issued email and password. New accounts are provisioned by HR and email addresses must be confirmed before first sign-in. Passwords are checked against known breach lists when supported by the platform.

Each user is assigned a role (employee, supervisor, engineer, accounting manager, HR manager, general manager, or super admin). Roles are stored separately from user profiles and govern what each person can view or change.

Row-level security policies are enabled on every employee-data table. Employees can only read and modify their own attendance, requests, notifications and chats. Managers see the broader records their role requires; salary information is restricted to HR and top management.

Realtime subscriptions are scoped per user so one employee cannot listen to another employee's private channels.

The application is hosted on Lovable Cloud, which uses managed Postgres, authentication, storage and edge compute. Data is transmitted over HTTPS. Describing the platform is not a claim of Lovable certification.

Transactional and authentication emails are sent from an HQIC-owned subdomain with SPF, DKIM and DMARC managed through the email infrastructure. Unsubscribe and suppression are honored for all non-essential mail.

Employee records, attendance, requests and chats are retained for as long as the employee relationship requires and in line with HQIC's internal retention policy. Requests to correct or remove personal information can be sent to the contact below.

The platform relies on Lovable Cloud (Supabase) for database, authentication and storage, and on the Lovable Email infrastructure for transactional mail. No employee data is sold or shared with third-party advertisers.

If you believe you have found a vulnerability or a privacy issue with the HQIC platform, please contact HQIC HR / IT directly. Reports are reviewed promptly and remediated based on severity. Please do not publicly disclose issues before they have been fixed.

HQIC is responsible for how the application is configured, who is granted access, and how employee data is used. The hosting platform is responsible for the underlying infrastructure. Employees are responsible for protecting their own credentials and for using the application in line with HQIC's policies.