Privacy Policy | QuantumAI Shield

Vulnerability Disclosure Policy

QuantumAI Shield • Effective November 24, 2025

QuantumAIShield Vulnerability Disclosure Policy

At QuantumAIShield, we take the security of our systems and data seriously. We welcome responsible reports of security vulnerabilities that could affect our websites, applications, or infrastructure.

Scope

This policy applies to vulnerabilities you discover in www.quantumaishield.com and any associated public web applications or services operated by QuantumAIShield, unless explicitly excluded on this page.

How to report a vulnerability

If you believe you have found a security vulnerability, please email us at support@quantumaishield.com. Include as much detail as possible so we can reproduce and assess the issue:

  • URL(s) and affected component or feature
  • Step-by-step instructions to reproduce the issue
  • Any supporting screenshots, request/response samples, or proof-of-concept code
  • Your contact information so we can follow up with questions

Our commitment

When you report a vulnerability to us in line with this policy, we will:

  • Acknowledge receipt of your report in a reasonable timeframe.
  • Investigate and validate the issue, giving it appropriate priority.
  • Work to remediate confirmed vulnerabilities and, where appropriate, share general information about the fix.
  • Not take legal action against you for testing and reporting in good faith under this policy.

Safe harbor and guidelines for researchers

To protect users and data, we ask that you:

  • Do not exploit a vulnerability beyond what is necessary to prove its existence.
  • Do not access, modify, or exfiltrate any personal data or confidential information.
  • Do not perform actions that degrade the availability or integrity of our services (e.g., DDoS, spam, destructive testing).
  • Do not use automated scanners in a way that could impact service stability without prior coordination.
  • Give us a reasonable amount of time to fix the issue before publicly disclosing any details.

Out of scope

The following are generally out of scope for this policy:

  • Clickjacking on pages with no sensitive actions.
  • Use of outdated user agents or unsupported browsers.
  • Reports about missing DNS records, SPF/DMARC tuning, or generic best-practice suggestions without a specific exploit scenario.

This policy may be updated from time to time. The latest version will always be available on this page.