AdministrationSecurity and privacy

Administration

Security and privacy

Data, privacy, and responsible-use principles when operating automations, agents, and reports.

Updated: 2026-05-17

Base principle

Quantum should capture only the information needed to operate the configured use case.

Users should not upload secrets, credentials, tokens, or sensitive documents unless the screen explicitly requests them.

Data that usually makes sense

  • Report recipient emails.
  • Operation identifiers.
  • Tracking references.
  • Language and time zone preferences.
  • Configuration state.
  • Usage and impact metrics.

Data that should not be uploaded without approval

  • Passwords.
  • Tokens.
  • API keys.
  • Confidential documents that are not required.
  • Unnecessary personal data.
  • Full payloads from internal systems.
  • Sensitive financial information without approved context.

Replays and product analytics

When analytics or replay tools are used, they should be configured with input masking and privacy controls.

The goal is to improve experience, find friction, and understand adoption, not to capture sensitive information.

Internal documentation

Architecture details, runbooks, technical contracts, and internal decisions are kept separate from these product guides.