Security Policy

Last Updated: 24.05.2026

We welcome good-faith security research on Quollix and appreciate responsible vulnerability reports. You may investigate Quollix software, especially by reviewing the source code or testing your own self-hosted instance.

Please test responsibly. Do not target other users’ deployments, third-party systems, or data that is not yours. Limited testing against Quollix-operated public services is acceptable when done carefully and without disrupting availability.

Do not perform denial-of-service attacks, degrade service availability, complete fraudulent purchases, create or retain unauthorized licenses, publish or share license keys, or continue exercising a vulnerability after you have confirmed it.

If you find a vulnerability, please report it privately through the feedback page before public disclosure. Include the affected component, reproduction steps, impact, and any relevant logs or screenshots. We will review reports as quickly as practical and ask that you give us reasonable time to investigate and fix confirmed issues before publishing details.