Security Statement
Last updated: December 11, 2025
At Quest, we take security seriously. During our pre-launch phase, the platform is still evolving, but we follow industry-standard practices to protect user information and maintain a secure environment.
1. Security Principles
We are committed to:
- Protecting personal data
- Maintaining confidentiality
- Ensuring systems are monitored and updated
2. Technical Safeguards (Pre-Launch)
We implement industry-standard protections including:
- Data encryption in transit (HTTPS/TLS) and at rest
- Encryption for private 1:1 chats between users
- Secure cloud hosting and infrastructure providers
- Principle of least privilege — employees are granted role-based access only to what they need to perform their job functions
- Access logging and monitoring for infrastructure and systems
- Regular code review, security assessments, and vulnerability checks
3. Data Storage
We store data necessary to operate the service, including:
- Account information (email, phone number, profile data)
- Onboarding and preference data
- Rumi conversation history
- Usage analytics and logs
All stored data is protected using the safeguards described above. For details on what we collect and how we use it, see our Privacy Policy.
4. Responsible Disclosure
If you discover a security vulnerability, we encourage responsible reporting. Please send details to:
We will acknowledge your report promptly and work to address verified vulnerabilities. Please do not perform denial-of-service testing or use automated scanning tools against our production systems.
5. Evolving Practices
As we launch and scale Quest, we will expand our security program, including:
- Third-party penetration testing and security audits
- Pursuit of industry-standard security certifications
- Formal incident response and breach notification processes
- Enhanced monitoring and threat detection
Updates will be posted here.