Security

Effective date: 24 April 2026

We take the security of your data seriously. This page summarises the technical and organisational measures we use to protect your personal information.

Authentication

Quantum Cube uses passwordless magic-link sign-in. There is no password for you to remember, reuse, or have stolen. Each sign-in link is single-use, time-limited, and sent only to your verified email address.

Encryption

All traffic between your device and our servers is encrypted using TLS 1.2 or higher. Account data is encrypted at rest on Supabase infrastructure. Passwords are not stored because we do not use passwords.

Payment security

Payment-card data is handled entirely by Paddle.com Market Limited, a PCI DSS-compliant payment processor and our Merchant of Record. Card numbers, CVVs, and banking details never touch our servers.

Access control

Access to production systems is restricted to authorised team members using two-factor authentication. Database access is governed by row-level security policies that ensure users can only read or write their own data. The paid/unpaid flag on your account is protected by server-side policy and cannot be modified by the client.

Data minimisation

We collect only what we need. We do not collect national ID numbers, passport numbers, physical addresses, or phone numbers. We do not operate advertising tracking, third-party analytics cookies, or cross-site tracking.

Infrastructure

• Static hosting: GitHub Pages, fronted by Cloudflare
• Database and authentication: Supabase, Frankfurt region, with automatic daily backups
• Email delivery: Resend, with SPF, DKIM, and DMARC configured on our domains
• Denial-of-service protection: Cloudflare

Incident response

If we become aware of a security incident affecting your personal information, we will notify affected users by email without undue delay, and report to the South African Information Regulator where required by POPIA.

Reporting a vulnerability

If you discover a security issue in Quantum Cube, please report it privately to support@quantumcube.app. Please do not publicly disclose the issue until we have had a reasonable opportunity to address it. We appreciate responsible disclosure.

Keeping your account secure

You can help protect your account by:

• Keeping access to your email account secure — that is how magic-link sign-in works
• Using a modern, up-to-date browser or operating system
• Not sharing sign-in links with anyone

Security improvements are delivered through app updates. Keep Quantum Cube up to date for the latest protections.