Quantum-G
Security

Security Policy

We take security seriously. This page explains how to report vulnerabilities and what we expect from security researchers.

Last updated: April 15, 2026

1) Overview

Our goal is to protect customer data and maintain service availability. We implement security practices appropriate to the nature of our products and services.

2) Responsible Vulnerability Disclosure

We welcome responsible disclosure. If you believe you’ve found a vulnerability, please report it to us rather than disclosing it publicly.

  • Report via email: security@quantum-g.io
  • Helpful details: reproduction steps, expected impact, affected scope/URL, screenshots/logs if possible.

3) What We Ask of Researchers

  • Do not access, download, modify, or exfiltrate user data without authorization.
  • Do not disrupt service availability or run stress tests without prior coordination.
  • Use the minimum testing necessary to demonstrate the issue.
  • Report promptly and keep details confidential until we address the issue or agree on disclosure.

4) Scope

This applies to Quantum‑G official domains, websites, and services, including our corporate site and applicable service endpoints.

Scope also includes mobile applications published by or branded as Quantum‑G (such as Rank Riser Hotel Edition) when they connect to backends or infrastructure operated by Quantum‑G. For personal data processing and sensitive permissions (such as the camera), refer to our Privacy Policy for the intended use description.

Third-party services (e.g., hosting/analytics providers) may be out of scope.

5) Mobile apps and sensitive permissions

If you believe you’ve found a security issue related to how our app handles photos/media or camera permissions (rather than a normal product feature request), include that in your report to security@quantum-g.io with reproduction details, app version, and device type.

6) Security Practices

We use technical and organizational safeguards, which may include (depending on the Service):

  • Encryption in transit (TLS/HTTPS) where applicable.
  • Role-based access controls and least-privilege access.
  • Separation of development, staging, and production environments.
  • Monitoring and diagnostics to help detect incidents.
  • Regular security updates and vulnerability management.

7) Incident Response

If we confirm a security incident, we work to investigate, contain, and remediate it, and may notify affected parties as required by law or contract.

8) Changes to This Policy

We may update this policy from time to time. We will post the updated version and update the “Last updated” date.

9) Contact

For general inquiries, contact: