Quantum Automations Quantum Automations ← Back to site
Legal

Security Policy

Last updated 3 May 2026
Entity Quantum Automations Group Ltd
Company no. 17190497 (England & Wales)
Security contact [email protected]

At Quantum Automations, we take reasonable steps to protect the data entrusted to us by our clients and users. This page outlines the measures we implement and the limitations of our responsibility.

01Important notice

Quantum Automations Group Ltd acts primarily as an integrator and provider of consulting, automation, and software services. Our services rely extensively on third-party platforms, tools, APIs, cloud providers, and software ("Third-Party Services"). While we select reputable providers and implement reasonable safeguards within our control, we do not own, operate, or control the infrastructure, security practices, or data handling of these Third-Party Services.

Third-party liability disclaimer

We are not responsible for, and expressly disclaim liability for, any security incidents, data breaches, data loss, service outages, or vulnerabilities arising from or related to Third-Party Services, including but not limited to cloud hosting providers, payment processors, authentication services, database providers, AI model providers, analytics tools, and any other external platforms integrated into our services.

Clients and users are encouraged to review the security policies, terms of service, and data processing agreements of any Third-Party Services used in connection with our services.

02Third-party services

Our services may integrate with or rely upon the following categories of Third-Party Services (this list is non-exhaustive and subject to change):

  • Cloud infrastructureAmazon Web Services (AWS), Vercel, Supabase, and others
  • Payment processingStripe, Wise
  • AI & machine learningOpenAI, Anthropic, and other model providers
  • Communication toolsEmail providers, messaging APIs
  • AnalyticsGoogle Analytics, Plausible, or similar
  • AuthenticationThird-party identity and SSO providers
  • Automation platformsn8n, Make, Zapier, and similar workflow tools
  • Client-specified toolsAny platforms or services selected or mandated by our clients

Each Third-Party Service operates under its own terms of service, privacy policy, and security practices. Quantum Automations does not warrant, guarantee, or assume responsibility for the security, availability, accuracy, or compliance of any Third-Party Service.

03Our security measures

Within the systems and code that we directly control, we implement the following measures:

Encryption in transit

All data transmitted between your browser or application and our servers is encrypted using TLS 1.2 or higher. We enforce HTTPS on all endpoints we control.

Encryption at rest

Where we directly manage data storage, sensitive data is encrypted at rest using AES-256 or equivalent encryption provided by the underlying cloud platform.

Access control

We apply the principle of least privilege for internal access to systems and data. Multi-factor authentication (MFA) is enforced for all administrative accounts.

Secure development practices

We follow secure coding guidelines and conduct code reviews for changes to production systems we develop and maintain.

Dependency management

We monitor third-party libraries used in our code for known vulnerabilities and apply updates on a reasonable basis.

Confidentiality

All team members and contractors are bound by confidentiality agreements.

04Limitations of our security

You acknowledge and agree that:

  • No system is 100% secure. Despite our reasonable efforts, we cannot guarantee that our services or any Third-Party Services will be free from vulnerabilities, breaches, or unauthorised access. We provide our services on an "as is" and "as available" basis with respect to security.
  • Third-party risk is your shared responsibility. Where our services integrate with Third-Party Services, security depends on the practices of those providers. We do not audit, certify, or guarantee the security of any Third-Party Service. If a Third-Party Service experiences a security incident, our liability is limited to the extent of our direct negligence, if any.
  • Client-provided configurations and data. We are not responsible for security issues arising from configurations, credentials, API keys, or data provided or managed by the client. Clients are responsible for securing their own accounts, credentials, and access to Third-Party Services.
  • Data shared with AI models. Where our services use AI model providers (such as OpenAI or Anthropic), data submitted to these models is processed under the terms of those providers. We are not responsible for how AI model providers store, process, or retain data submitted through their APIs. Clients should not submit sensitive personal data or confidential information to AI-powered features unless they have reviewed and accepted the relevant provider's data processing terms.
  • Open-source components. Our software may incorporate open-source libraries and components. These are provided without warranty, and we are not liable for vulnerabilities in open-source code that we did not author.

05Incident response

In the event of a security incident within systems we directly control:

  • We will investigate promptly and take reasonable steps to contain and remediate the issue
  • We will notify affected clients without undue delay and in accordance with our Data Processing Agreement and applicable laws
  • We will cooperate with clients in their own incident response processes

For security incidents originating from Third-Party Services, we will make reasonable efforts to notify affected clients and assist where possible, but our ability to investigate, remediate, or provide detailed information may be limited by the Third-Party Service provider.

06Vulnerability management

We conduct reasonable security assessments of our own code and systems. We do not conduct security audits of Third-Party Services and rely on their published certifications, SOC reports, and security documentation.

07Responsible disclosure

If you discover a security vulnerability in systems we directly operate (not Third-Party Services), we encourage you to report it responsibly at [email protected]. We commit to:

  • Acknowledging your report within 2 business days
  • Investigating and addressing confirmed vulnerabilities promptly
  • Not pursuing legal action against researchers who report in good faith

For vulnerabilities in Third-Party Services, please report them directly to the relevant provider.

08Disclaimer of warranties

To the maximum extent permitted by applicable law, Quantum Automations Group Ltd makes no representations or warranties, express or implied, regarding the security of its services, including but not limited to warranties of merchantability, fitness for a particular purpose, or non-infringement. Our implementation of security measures does not constitute a guarantee that our services are, or will remain, secure or free from vulnerabilities.

Nothing in this policy creates any obligation or liability beyond what is set out in our Terms of Service and any applicable service agreement.

09Governing law

This Security Policy is governed by the laws of England and Wales.

10Contact

For security-related questions or to report a concern:

Quantum Automations Group Ltd
Company number: 17190497
71–75 Shelton Street, Covent Garden, London, WC2H 9JQ
Email: [email protected]