Security and Responsible Disclosure Policy

How Quagix handles vulnerability reporting and responsible security disclosure.

Effective Date: 16 May 2026

Last Updated: 16 May 2026

6.1 Reporting a Vulnerability

If you discover a potential security vulnerability in Quagix websites, products, applications, APIs, dashboards, or related services, report it to quagixinnovations@gmail.com.

Include the affected URL, product, or endpoint; reproducible steps; impact; safe evidence; and your contact details if you want a response.

6.2 Responsible Testing Rules

  • Act in good faith and comply with applicable law.
  • Avoid privacy violations, service disruption, destructive testing, and unauthorized data access.
  • Do not access, modify, delete, or exfiltrate data.
  • Avoid social engineering, spam, phishing, or physical attacks.
  • Stop testing and report promptly if you discover sensitive data or system access.

6.3 Prohibited Security Research Activities

  • Denial-of-service or load attacks.
  • Accessing customer data or private accounts.
  • Data modification or deletion.
  • Malware installation or persistent access.
  • Public disclosure before Quagix has reasonable time to investigate and address issues.
  • Testing third-party systems through Quagix products without authorization.

6.4 Our Response

Quagix may review, validate, prioritize, and communicate on reports where appropriate.

Response timelines may vary based on severity, evidence quality, and operational capacity.

Submitting a report does not create employment, contractor, bounty, reward, or compensation rights unless expressly agreed in writing.

6.5 Safe Harbor Statement

Where research is done in good faith, without harm, and in compliance with this policy, Quagix does not intend to pursue legal action solely for responsible reporting.

This does not authorize unlawful activity, attacks, data theft, extortion, privacy violations, or service disruption.

6.6 Security Measures

Quagix may use safeguards including authentication, access controls, logging, monitoring, encryption where appropriate, redaction, environment separation, and abuse prevention.

No system is completely secure; users remain responsible for credentials, environments, secrets, and submitted data.