Safety & Security Policy
1. Overview
Quibit, Inc. ("Quibit," "we," "us," or "our") is committed to providing a safe and secure environment for every user across all of our applications: Quibit (social), Kha (dating, 18+), QuiTalk (AI chat, channels, and phone calls), and QuizCoin (quiz game).
This Safety & Security Policy describes the measures we take to protect users from harm, the tools available to users for managing their own safety, and the security infrastructure that safeguards user data and platform integrity. It applies to all content, communications, AI-generated responses, phone calls, and user interactions across every Quibit, Inc. application.
Safety is a shared responsibility. While we invest heavily in automated systems, human review teams, and security infrastructure, we also empower users with tools and knowledge to protect themselves and their communities.
Quibit maintains a strict zero-tolerance policy for credible threats of violence, terrorism, exploitation, and any behavior that places users in immediate danger. Accounts involved in such activity are terminated immediately and reported to law enforcement.
2. User Safety Principles
Every decision we make about safety features, moderation policies, and security infrastructure is guided by four core principles:
2.1 Trust
We earn and maintain user trust by being consistent, fair, and transparent in our safety enforcement. Every user deserves to feel confident that Quibit is actively working to protect them.
- Consistent enforcement of Community Guidelines across all apps
- Fair and impartial moderation decisions with appeal processes
- Proactive communication about safety threats and platform changes
- Regular publication of transparency reports on safety metrics
2.2 Transparency
We are open about how our safety systems work, what data we collect for safety purposes, and how enforcement decisions are made.
- Clear explanations when content is removed or accounts are restricted
- Published guidelines on what constitutes a violation
- Transparent AI safety boundaries and limitations disclosures
- Open communication about security incidents and our responses
2.3 Empowerment
We give users the tools and knowledge they need to manage their own safety and make informed decisions about their interactions on Quibit.
- Granular privacy and safety controls accessible from every screen
- Educational resources on recognizing and avoiding online threats
- Easy-to-use blocking, muting, and reporting tools
- Parental controls and family safety features
2.4 Accountability
We hold ourselves accountable for the safety of our platform, and we hold users accountable for their behavior through clear policies and consistent enforcement.
- Dedicated Trust & Safety team with 24/7 coverage
- Regular third-party audits of safety systems
- Measurable safety goals reviewed quarterly
- Partnership with external safety organizations for independent oversight
3. Account Security
Your account is the gateway to your Quibit experience. We implement multiple layers of security to protect your account from unauthorized access, identity theft, and misuse.
3.1 Password Requirements
Strong passwords are the first line of defense for your account. Quibit enforces the following password standards:
- Minimum 8 characters with a mix of uppercase, lowercase, numbers, and special characters
- Passwords are checked against known breached password databases (HaveIBeenPwned integration)
- Passwords are hashed using bcrypt with a minimum cost factor — plaintext passwords are never stored
- Password change requires verification of current password or authenticated session
- Password reset links expire after 15 minutes and can only be used once
3.2 Two-Factor Authentication (2FA)
We strongly recommend enabling 2FA for an additional layer of account protection:
- SMS-based verification codes sent to registered phone number
- Time-based One-Time Password (TOTP) support via authenticator apps (Google Authenticator, Authy)
- Backup recovery codes provided during 2FA setup — store these securely
- 2FA is required for sensitive actions: password changes, email updates, and account deletion
- Mandatory 2FA for accounts with elevated privileges (channel owners, verified accounts)
We strongly recommend enabling two-factor authentication on your account. It significantly reduces the risk of unauthorized access, even if your password is compromised.
3.3 Session Management
We maintain strict control over active sessions to prevent unauthorized access:
- Sessions are bound to specific devices and tracked securely per user and device
- Automatic session expiration after extended periods of inactivity
- View all active sessions from your account settings — see device type, location, and last activity
- Remote logout capability — terminate any session from any device
- All sessions are invalidated when you change your password
- JWT tokens have limited lifetimes and are refreshed securely
3.4 Suspicious Activity Detection
Our automated systems continuously monitor for signs of account compromise:
- Login attempts from unusual geographic locations trigger verification challenges
- Multiple failed login attempts result in temporary account lockout and notification
- Credential stuffing attacks are detected and blocked at the network level
- Unusual activity patterns (mass messaging, rapid profile changes) trigger automated review
- Real-time alerts sent to your registered email and phone for suspicious login events
- Automated account lockdown if compromise is detected, with guided recovery process
3.5 Device Management
Manage the devices connected to your Quibit account for full visibility and control:
- View a list of all devices that have accessed your account
- Each device shows: device name, operating system, last active time, and approximate location
- Remove trusted devices at any time to revoke access
- New device logins require additional verification when 2FA is enabled
- Receive push notifications when a new device signs into your account
4. App-Specific Safety Features
Each Quibit, Inc. application has unique features and interaction patterns that require tailored safety measures. Below are the safety features specific to each app.
4.2 Kha (Dating — 18+ Only)
Kha is an adults-only dating application. We implement rigorous safety measures to protect users in the uniquely vulnerable context of online dating:
- In-app safety guide displayed to all new users during onboarding
- Tips for safe first meetings: meet in public, tell a friend, arrange your own transport
- Educational content on recognizing manipulation and love-bombing tactics
- Regular safety reminders via push notifications and in-app banners
- Selfie verification — users take a real-time photo matching a specific pose to verify identity
- Verified profiles display a blue checkmark badge visible to all users
- AI-powered detection of stock photos, celebrity images, and previously flagged images
- Profiles using stolen or misleading photos are suspended and investigated
- Built-in date planner with safety checklist (public location, share itinerary, emergency contacts)
- Optional safety check-in: schedule a notification that asks if you are safe during or after a date
- Emergency SOS feature accessible from the app during dates — sends your location to emergency contacts
- Post-date safety feedback to help us identify concerning user behavior patterns
- Instantly unmatch any user — conversation is deleted for both parties
- Block a user to prevent them from appearing in your match queue again
- Report a match for harassment, catfishing, inappropriate behavior, or threats
- Cross-app blocking: blocking on Kha also blocks on Quibit, QuiTalk, and QuizCoin
- AI-powered detection of common romance scam patterns (quick professions of love, requests for money, sob stories)
- Warning prompts when conversations show red flags for financial exploitation
- Automatic flagging of messages containing cryptocurrency wallet addresses, wire transfer details, or gift card requests
- Educational resources on recognizing and avoiding romance scams
- Partnership with anti-fraud organizations to track and report scam networks
Always prioritize your personal safety when meeting someone from Kha in person. Meet in public, tell someone you trust, and never feel pressured to share personal details like your home address or workplace before you are ready.
4.3 QuiTalk (AI Chat, Channels & Phone Calls)
QuiTalk combines AI conversations, user channels, and phone calling features. Each requires specific safety measures:
- AI models refuse to generate harmful, dangerous, illegal, or exploitative content
- AI conversations are monitored for patterns indicating self-harm, abuse, or crisis situations
- When crisis language is detected, AI provides helpline resources and offers to connect users with support. See our Crisis Response Policy
- AI clearly identifies itself as artificial intelligence — never impersonates a human
- Users can report problematic AI responses for human review and model improvement
- Minor accounts have enhanced AI safety filters with stricter content restrictions
- Call recording disclosure: users are informed if any call recording or monitoring is in effect
- Call blocking: block specific numbers or unknown callers from reaching you
- Emergency detection: AI monitoring detects keywords and patterns indicating emergencies during calls and can surface emergency resources
- Spam call filtering: known spam and scam numbers are automatically blocked or flagged
- Call history privacy: call logs are encrypted and accessible only to the account holder
- Abuse reporting: report abusive or threatening phone calls directly from the call log
- Channel owners have full moderation controls: remove members, delete messages, set channel rules
- Auto-moderation: AI-powered content filtering that can be configured per channel
- Slow mode: limit how frequently members can post to prevent spam and flooding
- Member approval: require owner approval before new members can join
- Banned word lists: customizable per channel with automatic message filtering
- Moderation logs: full audit trail of all moderation actions taken in a channel
- Multi-layer content filtering on all AI-generated responses
- Automatic detection and blocking of attempts to jailbreak or manipulate AI safety systems
- AI-generated content is reviewed for accuracy, bias, and potential harm before delivery
- User feedback loop: thumbs up/down on AI responses helps improve safety filters
- Separate safety filter levels for minor accounts (enhanced restrictions)
4.4 QuizCoin (Quiz Game)
QuizCoin is a quiz game with social and competitive elements. We implement safety measures appropriate for a gaming environment that may include younger users:
- Age-appropriate content filtering ensures quiz content is suitable for the user's age group
- Minor accounts (under 18) have restricted social features — no private messaging with adults
- Parental consent required for accounts under 13 (COPPA compliance)
- Activity reports available for parents and guardians
- Enhanced monitoring of interactions involving minor accounts
- Anti-cheat systems detect and prevent answer manipulation, bot usage, and exploits
- Leaderboard integrity: suspicious score patterns are investigated and cheating accounts are penalized
- Automated detection of collusion between accounts
- Fair matchmaking algorithms that prevent experienced players from targeting newcomers
- In-game chat is monitored for harassment, hate speech, bullying, and inappropriate content
- Profanity filter enabled by default with option to adjust sensitivity
- Users can mute, block, or report other players directly from the game interface
- Chat logs are retained for moderation review and abuse investigation
- Daily and monthly spending caps to prevent excessive in-app purchases
- Additional purchase confirmation for transactions above threshold amounts
- Parental controls to restrict or approve in-app purchases for minor accounts
- Transparent pricing with no hidden fees or deceptive purchase flows
- Refund process available for unauthorized or accidental purchases
5. Anti-Harassment & Anti-Bullying
Quibit has zero tolerance for harassment and bullying across all applications. Every user has the right to participate in our platforms without fear of intimidation, abuse, or targeted attacks.
See our Community Guidelines for the full list of prohibited behaviors.
5.1 Definitions
We define harassment and bullying broadly to protect users from all forms of abuse:
- Repeated unwanted contact after a user has indicated they do not wish to communicate
- Targeted attacks based on race, ethnicity, gender, sexual orientation, religion, disability, or other protected characteristics
- Doxxing — sharing someone's private information (address, phone number, workplace) without consent
- Coordinated campaigns to mass-report, brigade, or overwhelm a user
- Sexual harassment including unsolicited sexual messages, images, or advances
- Threats of violence, harm, or intimidation against a user or their family
- Repeated negative behavior intended to demean, humiliate, or isolate an individual
- Mocking or ridiculing a user's appearance, identity, beliefs, or personal circumstances
- Exclusion campaigns designed to ostracize a user from groups or communities
- Creating accounts or content specifically to target or torment another user
- Encouraging others to harass, bully, or harm a specific individual
5.2 Detection and Prevention
We use a combination of automated systems and human review to detect and prevent harassment:
- AI-powered toxicity detection in messages, comments, posts, and AI conversations
- Pattern recognition to identify repeated targeting of the same user across multiple accounts
- Proactive scanning of newly created accounts for ban-evasion behavior
- Automated warnings sent to users whose content approaches policy thresholds
- Shadow-restriction of accounts under investigation to limit harm while review is pending
5.3 Enforcement Actions
Enforcement is proportional to the severity and frequency of the violation:
| Violation Type | Enforcement Action |
|---|---|
| First-time mild harassment (e.g., rude comments) | Warning issued, educational resources provided, content removed |
| Repeated harassment or targeted bullying | Temporary account suspension (7-30 days), all violating content removed |
| Severe harassment (threats, doxxing, sexual harassment) | Immediate account suspension pending investigation, law enforcement notification if applicable |
| Coordinated harassment campaigns | All participating accounts permanently banned, content removed, IP-level restrictions applied |
| Credible threats of physical violence | Immediate permanent ban, law enforcement notified, evidence preserved for investigation |
| Ban evasion (creating new accounts to continue harassment) | All associated accounts permanently banned, device-level restrictions applied |
6. Fraud Prevention
Quibit actively works to protect users from scams, fraud, and financial exploitation across all applications. Our fraud prevention systems operate continuously to detect and neutralize threats before they reach users.
6.1 Scam Detection
Our AI-powered systems monitor for common scam patterns across all communication channels:
- Romance scams on Kha: detection of love-bombing, urgency tactics, and financial requests
- Investment scams: detection of promises of guaranteed returns, cryptocurrency schemes, and pyramid schemes
- Employment scams: fake job offers requesting upfront payments or personal financial information
- Prize scams: messages claiming the user has won prizes or lottery in exchange for fees
- Technical support scams: impersonation of Quibit staff requesting account credentials
6.2 Phishing Prevention
We implement multiple layers of protection against phishing attacks:
- URL scanning on all links shared in messages, posts, and comments — malicious links are blocked or flagged
- Homograph detection to identify URLs that mimic legitimate Quibit domains
- Warning interstitials displayed when users click external links leaving Quibit platforms
- Official Quibit emails are DKIM-signed and SPF-verified — we will never ask for your password via email
- In-app education about recognizing phishing attempts and suspicious messages
- Report phishing emails to [email protected]
6.3 Impersonation Prevention
We protect users and public figures from impersonation and identity theft:
- Verified badges for authenticated public figures, brands, and official Quibit accounts
- Automated detection of accounts mimicking official Quibit branding, names, or logos
- User-submitted impersonation reports are prioritized for rapid review
- Cross-app identity verification — verified status carries across all Quibit applications
- Strict username policies preventing confusingly similar names to verified accounts
6.4 Financial Fraud Protection
For features involving financial transactions (QuizCoin purchases, subscriptions, Kha premium), we implement:
- PCI-DSS compliant payment processing through certified payment providers
- Fraud scoring on all transactions — high-risk transactions require additional verification
- Chargeback and dispute resolution processes with clear timelines
- Monitoring for unusual purchase patterns that may indicate stolen payment methods
- Automatic blocking of known fraudulent payment sources
6.5 AI-Powered Fraud Detection
Our machine learning systems continuously evolve to combat new fraud tactics:
- Behavioral analysis models that identify fraudulent accounts based on interaction patterns
- Network graph analysis to detect coordinated fraud rings operating across multiple accounts
- Natural language processing to identify scam messaging patterns across 5+ languages
- Real-time risk scoring for new accounts based on registration patterns and device fingerprints
- Continuous model retraining using confirmed fraud cases to stay ahead of evolving tactics
7. Location & Privacy Safety
Location data is among the most sensitive information on any platform. Quibit provides granular controls over location sharing and implements strong safeguards to prevent location-based threats such as stalking, doxxing, or unwanted tracking.
7.1 Location Sharing Controls
You are always in control of when and how your location is shared:
- Location sharing is opt-in only — never enabled by default on any Quibit app
- Granular options: share precise location, approximate area, city only, or no location at all
- Temporary location sharing with automatic expiration (1 hour, 8 hours, until end of day)
- Per-feature control: different location settings for posts, stories, dating profiles, and messages
- One-tap disable: instantly stop all location sharing across all apps from any screen
7.2 Geofencing & Location Boundaries
We use geofencing technology to enhance safety in specific scenarios:
- Kha dating: distance display uses approximate ranges (e.g., 'within 5 km') rather than exact distances to prevent triangulation
- Content moderation: geofencing supports region-specific content restrictions and compliance with local laws
- Emergency services: geofencing enables accurate routing to local emergency resources when crisis features are activated
- Event safety: geofenced notifications for safety alerts in specific geographic areas
7.3 Privacy Zones
Privacy zones allow you to hide your presence in sensitive locations:
- Set privacy zones around your home, workplace, school, or any location you choose
- When you are within a privacy zone, your location is not visible to any other user
- Kha dating profiles are hidden from other users within your privacy zones
- Privacy zones are encrypted and stored locally on your device — Quibit servers do not know your privacy zone locations
- Unlimited privacy zones can be configured per account
- EXIF location data is automatically stripped from all uploaded photos and videos
- No location data is shared with third parties for advertising purposes
8. Communication Safety
Safe communication is fundamental to the Quibit experience. Whether you are messaging friends on Quibit, chatting with matches on Kha, talking to AI on QuiTalk, or competing on QuizCoin, we implement safeguards to keep your conversations safe and private.
8.1 Message Filtering
Multi-layer filtering protects you from unwanted and harmful messages:
- Spam detection: automated filtering of bulk messages, promotional spam, and bot-generated content
- Toxicity scoring: messages with high toxicity scores are flagged or filtered based on user preferences
- Image safety scanning: images shared in messages are scanned for nudity, violence, and CSAM before delivery
- Link safety: URLs in messages are checked against malware and phishing databases in real time
- Customizable filters: set your own keyword filters to hide messages containing specific words or phrases
8.2 Spam Prevention
We combat spam across all communication channels:
- Rate limiting on messages, comments, and posts to prevent spam flooding
- New account restrictions: freshly created accounts have limited messaging capabilities until trust is established
- CAPTCHAs and verification challenges triggered by spam-like behavior patterns
- Automated detection of copy-paste spam campaigns across multiple users
- Community reporting of spam with rapid response from moderation team
- Spam accounts are terminated and associated content removed across all apps
8.3 Phone Call Safety (QuiTalk)
QuiTalk's phone calling feature includes dedicated safety measures:
- Caller ID display with verified account status when available
- Call screening: preview who is calling before answering
- Call blocking: block specific users, unknown numbers, or all calls from non-contacts
- Recording transparency: clear disclosure and consent requirements for any call recording
- Emergency call routing: calls expressing emergency situations are flagged for immediate review
- Post-call reporting: report abusive, threatening, or scam calls directly from the call log
- Call duration limits for new and unverified accounts to prevent abuse
Phone calls use WebRTC with SRTP encryption. Call content is not stored or monitored. Only call metadata (duration, participants, timestamps) is retained for service operation.
8.4 Encrypted Messaging
We protect the privacy and integrity of your communications with strong encryption:
- All messages are encrypted in transit using TLS 1.3
- Message data is encrypted at rest using AES-256 encryption
- Encryption keys are managed using industry-standard key management practices
- Media files (images, videos, voice notes) are encrypted with the same standards as text messages
- We regularly audit our encryption implementation through third-party security assessments
9. AI Safety Measures
Artificial intelligence powers many features across Quibit platforms, from QuiTalk's conversational AI to content moderation and recommendation systems. We are committed to deploying AI responsibly with robust safety guardrails.
9.1 AI Conversation Boundaries
QuiTalk's conversational AI operates within clearly defined safety boundaries:
- AI will not generate content that promotes violence, self-harm, illegal activities, or exploitation
- AI will not provide instructions for creating weapons, drugs, or other dangerous materials
- AI will not engage in sexual conversations with or about minors under any circumstances
- AI will not impersonate real individuals, law enforcement, medical professionals, or emergency services
- AI will redirect users expressing distress to appropriate human support resources and crisis hotlines. See our Crisis Response Policy
- AI will not provide specific medical, legal, or financial advice — it will recommend consulting qualified professionals
9.2 Harmful Content Prevention
Multiple safety layers prevent AI from generating or facilitating harmful content:
- Input filtering: user prompts are scanned for attempts to elicit harmful outputs
- Output filtering: AI responses are checked against safety classifiers before delivery
- Context analysis: the full conversation history is evaluated to detect gradual escalation toward harmful topics
- Human review pipeline: flagged AI conversations are reviewed by Trust & Safety specialists
- Continuous red-teaming: internal and external security teams regularly test AI boundaries
- Automated rollback: if a safety regression is detected, AI models can be reverted immediately
9.3 AI Limitations Disclosure
We are transparent about the limitations and nature of our AI systems:
- AI clearly identifies itself as an AI assistant — it never claims to be human
- AI responses may contain inaccuracies — users are advised to verify important information
- AI does not have real-time access to external information unless specifically integrated
- AI cannot make commitments, promises, or guarantees on behalf of Quibit, Inc.
- AI conversation data is used to improve safety and quality, subject to our Privacy Policy. See our Data Security Policy
- Channel AI brains reflect the knowledge configured by the channel owner
AI is a tool to assist and inform, not a replacement for professional advice. For emergencies, always contact local emergency services. For medical, legal, or financial matters, consult qualified professionals.
9.4 Bias Prevention
We actively work to identify and mitigate bias in our AI systems:
- Regular bias audits across demographic categories (race, gender, age, religion, nationality)
- Diverse training data curation to reduce representation gaps
- Fairness metrics monitored continuously with automated alerts for drift
- User feedback integration to identify bias patterns not caught by automated systems
- External advisory board review of AI fairness practices
- Commitment to responsible AI principles aligned with industry standards
9.5 AI-Generated Content Watermarking
We implement measures to identify AI-generated content and prevent misuse:
- AI-generated text responses are labeled as AI-generated within the QuiTalk interface
- AI-generated images include metadata indicating they were created by AI
- Content generated by AI that is shared outside QuiTalk retains AI attribution markers
- Detection systems identify AI-generated content being passed off as human-created
- Users who repeatedly misrepresent AI content as their own may face account restrictions
10. Reporting & Getting Help
We make it easy to report safety concerns and get help when you need it. Reports are taken seriously, reviewed promptly, and acted upon fairly.
10.1 How to Report in Each App
Every Quibit application provides multiple ways to report concerns:
- Tap the three-dot menu on any post, comment, story, or profile and select 'Report'
- Long-press a message in any conversation to report it
- Visit Settings > Help & Support > Report a Problem for general safety concerns
- Tap the shield icon on any profile or conversation to report the user
- Use the 'Report & Block' option after unmatching for serious concerns
- Access Safety Center from the profile menu for dating-specific safety resources
- Tap the flag icon on any AI response to report a problematic output
- Long-press a message in any channel to report it to channel moderators or Quibit Trust & Safety
- Report abusive phone calls from the call log by tapping 'Report Call'
- Tap a player's avatar in-game and select 'Report Player'
- Use the chat report button to flag inappropriate in-game messages
- Report cheating or unfair play from the match results screen
10.2 Response Times
We commit to reviewing reports within the following timeframes:
| Violation Type | Enforcement Action |
|---|---|
| Imminent danger or crisis reports | Reviewed within 15 minutes, 24/7 |
| Child safety and exploitation reports | Reviewed within 1 hour. See our Child Safety Policy |
| Harassment and threats | Reviewed within 4 hours |
| General content violations | Reviewed within 24 hours |
| Account security concerns | Reviewed within 4 hours |
| Spam and minor policy violations | Reviewed within 48 hours |
10.3 Emergency Reporting
For situations involving immediate danger to life, exploitation, or imminent harm:
- Always call local emergency services first (911 in U.S., 112 in Korea, 999 in Myanmar)
- Use the in-app Emergency Report feature for immediate escalation to our 24/7 crisis team
- Email [email protected] — this inbox is monitored around the clock for urgent reports
- If you believe a child is in danger, contact NCMEC CyberTipline at CyberTipline.org immediately. See our Child Safety Policy
Quibit is not a substitute for emergency services. If you or someone you know is in immediate physical danger, contact local emergency services before using any in-app reporting features. See our Crisis Response Policy for full emergency protocols.
11. Platform Security Infrastructure
Quibit's security infrastructure is designed to protect user data, maintain platform availability, and defend against evolving cyber threats. We follow industry best practices and maintain compliance with international security standards.
See our Data Security Policy for detailed information about data protection, encryption, and compliance certifications.
11.1 DDoS Protection
We protect our infrastructure from Distributed Denial of Service attacks:
- Multi-layer DDoS mitigation at network, transport, and application layers
- Cloud-based DDoS protection services with automatic traffic scrubbing
- Anycast network distribution to absorb and distribute attack traffic
- Real-time traffic analysis and anomaly detection with automatic mitigation
- Incident response playbooks for large-scale DDoS events
- Redundant infrastructure ensures service availability during attacks
11.2 Rate Limiting
Rate limiting protects both our infrastructure and users from abuse:
- API rate limits prevent automated abuse, credential stuffing, and data scraping
- Per-user rate limits on messaging, posting, and commenting to prevent spam
- Login attempt limits with progressive delays to prevent brute-force attacks
- Adaptive rate limiting that increases restrictions based on threat intelligence
- Rate limit headers in API responses for transparency with developers
- Rate limiting does not affect normal user behavior — thresholds set well above typical usage
11.3 Security Audits
Regular security assessments ensure our defenses remain effective:
- Annual comprehensive security audits by independent third-party firms
- Quarterly vulnerability assessments of all production systems
- Code security reviews integrated into the development pipeline (SAST/DAST)
- Dependency scanning for known vulnerabilities in third-party libraries
- Compliance audits for GDPR, CCPA, COPPA, PIPA, and other applicable regulations
11.4 Penetration Testing
We proactively test our systems against real-world attack scenarios:
- Annual penetration tests conducted by certified external security firms
- Scope covers web applications, mobile applications, APIs, and cloud infrastructure
- Red team exercises simulating advanced persistent threats
- Findings are remediated based on severity with defined SLAs (critical: 24 hours, high: 7 days)
- Retesting performed to verify remediation effectiveness
11.5 Bug Bounty Program
We partner with the security research community to identify vulnerabilities:
- Public bug bounty program welcoming responsible disclosure from security researchers
- Rewards based on vulnerability severity: from acknowledgment to significant monetary bounties
- Clear scope and rules of engagement published on our security page
- Safe harbor protections for researchers who follow responsible disclosure guidelines
- Average response time of 48 hours for initial triage of submitted reports
- Report security vulnerabilities to [email protected]
12. Policy Updates & Contact
This Safety & Security Policy is a living document that evolves alongside our platform, the threat landscape, and regulatory requirements.
12.1 Update Process
We review and update this policy through a structured process:
- Quarterly reviews by the Trust & Safety and Security teams to assess policy effectiveness
- Updates in response to new threats, platform features, or regulatory changes
- Input from external safety advisors, law enforcement partners, and user feedback
- All changes are documented with version numbers and effective dates
12.2 Notification of Changes
We notify users of material changes to this policy through multiple channels:
- In-app notifications for significant policy updates
- Email notification to registered users at least 30 days before material changes take effect
- Updated policy published on thequibit.com with change summary
- Previous versions archived and available upon request
- Continued use of Quibit services after changes take effect constitutes acceptance of the updated policy
12.3 Contact Information
For questions, concerns, or feedback about this Safety & Security Policy:
- Trust & Safety: [email protected] — general safety inquiries and policy questions
- Emergency Safety: [email protected] — urgent safety concerns (monitored 24/7)
- Security: [email protected] — vulnerability reports and security incidents
- Legal: [email protected] — law enforcement requests and legal inquiries
- Privacy: [email protected] — data protection and privacy concerns
For related policies, see our Child Safety Policy for child-specific protections, our Community Guidelines for content and behavior standards, our Crisis Response Policy for emergency protocols, and our Data Security Policy for data protection details.
For questions about this policy, contact [email protected]
© 2026 Quibit, Inc. · Version 1.0· Last updated 2026-03-13