Security Policy

1) Overview

Our goal is to protect customer data and maintain service availability. We implement security practices appropriate to the nature of our products and services.

2) Responsible Vulnerability Disclosure

We welcome responsible disclosure. If you believe you’ve found a vulnerability, please report it to us rather than disclosing it publicly.

• Report via email: security@quantum-g.io
• Helpful details: reproduction steps, expected impact, affected scope/URL, screenshots/logs if possible.

3) What We Ask of Researchers

• Do not access, download, modify, or exfiltrate user data without authorization.
• Do not disrupt service availability or run stress tests without prior coordination.
• Use the minimum testing necessary to demonstrate the issue.
• Report promptly and keep details confidential until we address the issue or agree on disclosure.

4) Scope

This applies to Quantum‑G official domains, websites, and services, including our corporate site and applicable service endpoints.

Third-party services (e.g., hosting/analytics providers) may be out of scope.

5) Security Practices

We use technical and organizational safeguards, which may include (depending on the Service):

• Encryption in transit (TLS/HTTPS) where applicable.
• Role-based access controls and least-privilege access.
• Separation of development, staging, and production environments.
• Monitoring and diagnostics to help detect incidents.
• Regular security updates and vulnerability management.

6) Incident Response

If we confirm a security incident, we work to investigate, contain, and remediate it, and may notify affected parties as required by law or contract.

7) Changes to This Policy

We may update this policy from time to time. We will post the updated version and update the “Last updated” date.

8) Contact

For general inquiries, contact:

• Email: info@quantum-g.com