Quotaflow
  • Features
    Model access
    AI GatewayOpenAI-compatible wallet execution for BYOK, routing, and token ledger.Inference supply monitorMonitor authorized supply; agents bid and lock discounted resources.Route auditVerify wallet supply provenance, downgrade risk, and route confidence.Wallet context layerReusable knowledge, skills, and context for every agent workflow.AI spend insightsTrack token spend, supply savings, usage, and workflow ROI.
  • Build with Quotaflow
    AI wallet setupConfigure BYOK keys, model routes, wallet balances, and SDK setup.llms.txtLLM-readable product and API context.
  • Resources
    Learn
    BlogToken ROI, context sharing, and AI ops notes.Case studiesHow teams reduce AI spend and ship faster.SecurityGoverned team usage, access, and audit controls.
  • Choose your Quotaflow path
    Developer / OPCPersonal wallet for OPCs using plans, BYOK, agents, and APIs.TeamTeam wallet for shared context, ROI, usage controls, and locked discounts.EnterpriseBulk inference hedge, private supply, secure deployment, direct paths.PartnersPartner discount tiers for agencies, resellers, and open-source projects.
  • Pricing
Log inSign up

Security Disclosure

Responsible Security Disclosure Policy

Last updated: June 27, 2026

Quotaflow welcomes responsible disclosure of security vulnerabilities that may affect the confidentiality, integrity, or availability of our systems. This page provides a safe and transparent way to report legitimate vulnerabilities without creating unnecessary operational or legal risk.

Overview

This is a responsible disclosure program, not a public bug bounty. Reports are reviewed based on severity, reproducibility, affected systems, and customer risk.

Security reports may involve account access, workspace isolation, AI gateway routing, usage metadata, quota controls, billing or usage manipulation, injection risks, or infrastructure configuration.

How to report a vulnerability

Send security concerns to security@quotaflow.ai with Security Disclosure in the subject. Include a clear description, affected asset or endpoint, reproduction steps or proof of concept, and the potential impact if exploited.

Where possible, include affected URLs, account or workspace identifiers, timestamps, request IDs, and enough detail for our team to reproduce the behavior without exposing private prompts, secrets, regulated data, or customer confidential content.

Scope

In-scope issues include authentication or authorization bypass, cross-workspace data exposure, unauthorized access to data, privilege escalation, model-route visibility problems, and demonstrable vulnerabilities in Quotaflow-operated production services.

Out-of-scope issues include denial-of-service testing, traffic flooding, automated scanning, mass-reported findings without exploitability, social engineering, physical attacks, and vulnerabilities in third-party services unless directly exploitable in Quotaflow systems.

Rules of engagement

Act in good faith, avoid automated scanning, fuzzing, brute-force attacks, spam workflows, or service disruption, and stop testing once a vulnerability is confirmed.

Do not access, modify, delete, or exfiltrate data that does not belong to you. Testing should be limited to your own account or explicitly authorized environments. If you encounter other customer data, stop and report immediately.

Safe harbor

Quotaflow does not pursue legal action against individuals who follow this policy, act in good faith, avoid privacy violations, avoid data destruction, and avoid service disruption.

This safe harbor applies only to activities conducted within the scope of this policy. Public disclosure should wait until the issue is resolved and a coordinated disclosure timeline is agreed where applicable.

Response expectations

We aim to acknowledge valid, in-scope reports within five business days. Remediation timelines depend on severity, customer risk, and business impact.

We do not guarantee detailed status updates, public recognition, or financial rewards.

Quotaflow logo

3x Your AI Token ROI

Product

  • Models
  • Platform
  • Pricing
  • Supply monitor
  • Docs

Features

  • Token routing
  • Usage insights
  • Shared context
  • Team quotas
  • Team context sharing

Company

  • About
  • Support
  • Sales
  • Enterprise
  • Blog
  • Partner Program
  • Case studies

Policies

  • Terms
  • Privacy
  • Cookies
  • Security
  • Trust Center
  • Enterprise Safe Mode
  • Security Disclosure
All systems normal.
© 2026 Quotaflow. All rights reserved.
© 2026 Quotaflow. All rights reserved.