RQM Technologies LLC - Security Policy

This policy covers the public RQM Technologies storefront hosted at:
https://www.rqmtechnologies.com

Security Contact
- Email: security@rqmtechnologies.com
- Business contact: contact@rqmtechnologies.com

Public Storefront Controls
- HTTPS/TLS is required through Vercel and the custom domain.
- HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy are configured for the static storefront.
- Content-Security-Policy is staged in report-only mode before enforcement.
- robots.txt, sitemap.xml, security.txt, and government verification files are published as static assets.
- The public storefront intentionally avoids advertising and analytics tracking.

Static Deployment Scope
- The Vercel storefront is currently static.
- Express API rate limiting, server-side sessions, database-backed contact/admin/chat behavior, and server audit logging are not active on the static storefront.
- Backend/API migration is tracked separately from the public static deployment.

Responsible Disclosure
Please report suspected vulnerabilities, exposed secrets, classification issues, or public-content security concerns to security@rqmtechnologies.com.

Last updated: 2026-06-14