Incident Response

Qpher maintains a documented incident response process covering detection, triage, containment, eradication, recovery, and post-incident review. Security incidents are classified by severity (Critical, High, Medium, Low) with corresponding response time targets. Critical incidents trigger immediate response with continuous updates until resolution. All incidents produce a post-mortem report documenting root cause, impact, timeline, and preventive measures. Security vulnerabilities can be reported to security@qpher.ai. Qpher acknowledges reports within 48 hours and provides a triage assessment within 7 days. Good-faith security researchers are protected by a safe harbor policy.

In the event of a personal data breach, Qpher commits to notifying affected customers within 72 hours of becoming aware of the breach, in accordance with GDPR Article 33. Notification includes the nature of the breach, categories and approximate number of affected records, likely consequences, and measures taken or proposed to address the breach. Qpher also notifies the relevant supervisory authority within the same 72-hour window when required. Enterprise customers with custom DPA terms may have additional notification requirements specified in their agreement. Breach notifications are delivered via email and in-portal notification to all affected tenant administrators.

Qpher operates a public status page at status.qpher.ai (powered by BetterStack) that provides real-time visibility into platform availability. The status page monitors all critical services including the API Gateway, KEM Service, Signature Service, KMS-Orchestrator, and User Portal. Planned maintenance is announced at least 72 hours in advance via the status page and email notification. Customers can subscribe to status updates via email or RSS. Historical uptime data and incident reports are publicly accessible on the status page.