Effective Date: January 25, 2026
Last updated: January 25, 2026
Policy notice: This policy is provided for informational purposes and does not create contractual obligations. If there is a conflict between this policy and the applicable agreement, the agreement controls. QUBS may update this policy from time to time.
QUBS uses reasonable administrative, technical, and physical safeguards to help protect data, but no security measures can guarantee complete protection. Third-party services, integrations, or components are outside QUBS control and may introduce additional risks.
Defined Terms
In this Security Policy, the following words shall mean:
QUBS means QUBS International Pty Ltd (ACN 618 205 351).
Services refers to any services, products, or
solutions provided by QUBS, including but not limited to software,
applications, and support.
Your Content refers to any data, information, or
materials submitted, uploaded, or otherwise provided by you or your
users in connection with your use of the Services.
AWS refers to Amazon Web Services, a subsidiary of
Amazon.com, Inc., which provides cloud computing infrastructure and
services on which QUBS Services are hosted.
Data Center refers to the physical facilities where
AWS stores, processes, and manages Your Content and other data
associated with the Services.
DICOM refers to Digital Imaging and Communications
in Medicine, a standard for storing and transmitting medical images.
PITR refers to Point-in-Time Recovery, a feature
that provides automatic backups of data at specified intervals.
Environmental Security refers to the measures taken
to protect the Data Center from environmental hazards, such as fire,
flooding, power outages, and temperature fluctuations.
Network Security refers to the measures taken to
protect the infrastructure and systems that transmit, process, and
store Your Content against unauthorized access, data breaches, and
other security threats.
High Availability refers to the design and
operation of the Services to ensure they remain accessible and
operational in the event of component failures, network outages, or
other issues that could impact system performance.
Fault Tolerance refers to the ability of the
Services to continue functioning despite the failure of one or more
components, systems, or infrastructure elements.
Our Obligations
Without limiting any provision of the QUBS Service Agreement, we will implement reasonable and appropriate measures designed to help you secure Your Content against accidental or unlawful loss, access or disclosure.
Your Obligations
Our documentation may specify restrictions on how the Services may
be configured. You agree to comply with any such restrictions or
specifications.
QUBS access credentials and private keys generated by the Services
are for your internal use only. You may not sell, transfer, or
sublicense them to any other entity or person, except that you may
disclose your private key to your agents and subcontractors
performing work on your behalf.
AI Features
AI Features are optional. We apply the same access controls and security monitoring to AI inputs and outputs as other Service data. We do not send patient health information to third-party AI vendors unless a customer explicitly enables such processing and appropriate safeguards are in place. If AI Features are enabled, data may be used to improve AI Features in accordance with the Service Agreement and Privacy Policy.
Reporting Security Vulnerabilities
If you discover a potential security vulnerability, we strongly prefer that you notify us in private. Publicly disclosing a security vulnerability without informing us first puts the community at risk. When you notify us of a potential problem, we will work with you to make sure we understand the scope and cause of the issue. Please report security vulnerabilities to [email protected] or use our contact form. Thank you!
Data Center Security
QUBS runs on the Amazon Web Services (AWS) global infrastructure platform.
AWS publishes security documentation and reports about its controls,
and SOC 2 reports may be available from AWS upon request.
Please note that while we rely on AWS for data center security and
take precautions to protect your data, we cannot guarantee the
absolute security of the information stored in AWS data centers.
1. Compliance
AWS computing environments are continuously audited, with certifications from accreditation bodies across geographies and verticals, including ISO 27001, FedRAMP, DoD CSM, and PCI DSS. Additionally, AWS has assurance programs that provide templates and control mappings to help customers establish the compliance of their environments running on AWS against 20+ standards, including the HIPAA, CESG (UK), and Singapore Multi-tier Cloud Security (MTCS) standards.
2. Physical Security
AWS data centers are housed in nondescript facilities. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication a minimum of two times to access data center floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff.
3. Environmental Security
AWS data center environmental controls include:
• Fire detection and suppression systems
• Redundant power systems, backed by Uninterruptible Power Supply units and generators
• Climate and temperature controls
• Active system monitoring
QUBS Network Security
Please note that while we implement various network security measures and rely on AWS for certain aspects of network security, we cannot guarantee the absolute security of the information transmitted over the network. We encourage you to take appropriate precautions to protect your data and information.
1. Firewalls
All public-facing EC2 instances use inbound Security Group rules configured in deny-all mode. Ports are opened as necessary for: administrative SSH access, QUBS Deploy SSH Portal Access.
2. Port Scanning
AWS monitors and stops unauthorized port scanning. All QUBS hosts run strict firewalls, so port scanning is generally ineffective.
3. Spoofing & Sniffing
The AWS network prohibits a host from sending traffic with a source IP or MAC address other than its own. The AWS hypervisor will also not deliver any traffic to a host the traffic is not addressed to, meaning even an instance running in promiscuous mode will not receive or be able to "sniff" traffic intended for other hosts.
Data Encryption
To ensure the protection of sensitive data, we employ encryption both in transit and at rest:
1. In Transit
Data transmitted between our servers and customers is protected using industry-standard transport encryption (such as TLS), where appropriate, to help protect confidentiality and integrity.
2. At Rest
Customer data stored on our systems is protected using encryption at rest where appropriate, along with access controls and monitoring.
Business Continuity
Please note that while we implement business continuity measures and rely on AWS for certain aspects of our infrastructure, we cannot guarantee absolute protection against data loss or system failures. We encourage you to take appropriate precautions and consult with legal professionals for comprehensive protection.
1. Backups
QUBS maintains backups and recovery procedures for core services. Backup and version retention periods vary by service and are described in our documentation. After termination and delivery of a copy of Your Content, QUBS deletes Your Content from active systems and backups within a reasonable period, except as required by law.
In the event a user requests the recovery of accidentally deleted data from backups, the labor costs associated with the recovery process may be passed on to the user. The user will be informed of the estimated costs and must agree to them before the recovery process is initiated.
2. Fault Tolerance
AWS data centers are clustered into regions, and sub-clustered into availability zones, each of which is designed as an independent failure zone, meaning they are:
• Physically separated
• Located in lower-risk flood plains
• Equipped with independent uninterruptible power supplies and onsite backup generators
• Fed via different grids from independent utilities, and
• Redundantly connected to multiple tier-1 transit providers
3. High Availability
QUBS designs the Services for high availability and may use multiple availability zones. Availability practices may vary for beta or experimental services.
Liability and Indemnification
1. Limitation of Liability
To the maximum extent permitted by applicable law, in no event shall QUBS, its affiliates, directors, employees, or agents be liable for any indirect, incidental, special, consequential, or punitive damages, or any loss of profits or revenues, whether incurred directly or indirectly, or any loss of data, use, goodwill, or other intangible losses, resulting from your use of the Services or any conduct or content of any third party on the Services, even if QUBS has been advised of the possibility of such damages.
2. Indemnification
You agree to defend, indemnify, and hold harmless QUBS, its affiliates, directors, employees, and agents from and against any and all claims, liabilities, damages, losses, or expenses, including reasonable attorneys' fees and costs, arising out of or in any way connected with your access to or use of the Services, or your breach of any representation, warranty, or other provision of this Security Policy.
3. Exceptions
Nothing in this Security Policy shall be deemed to exclude or limit your liability for any indemnifiable claim to the extent that such exclusion or limitation would be prohibited by applicable law.