Qt Appendix for Privacy and Security

Version 2024-02, compliant with Qt License Agreement 4, Frame Agreement 2023-06, or later.
Applies to Qt Appendix for Development Framework, Qt Appendix for Squish, Coco, and Test Center, and Qt Appendix for Qt Insight.

1. Any capitalized terms used but not defined in this Qt Appendix for Privacy and Security (“Appendix”) will have the meaning as set forth in the Agreement. In the event of any conflict between the terms of the Agreement and this Appendix, the Appendix shall govern. 

The Qt Company has implemented and will maintain the following technical and organizational security measures:

2. INFORMATION SECURITY. The Qt Company will maintain an information security program designed to (a) secure personal data against accidental or unlawful loss, access, or disclosure, (b) identify reasonably foreseeable risks to the security and availability of Qt systems, and (c) minimize physical and logical security risks to Qt systems, including through regular risk assessment and testing. The Qt Company will designate one or more employees to coordinate and be accountable for the information security program.


3.1. All employees, contractors, and partners of The Qt Company will have access to The Qt Company's systems and data on a need-to-know basis only.

3.2. Access to confidential information and data will be restricted based on role-based access controls.

3.3. Processes for revoking access to systems and data when employees, Contractors, or partners leave The Qt Company or no longer require access.


4.1. All sensitive data will be encrypted when stored or transmitted.

4.2. The Qt Company will implement controls to prevent the unauthorized disclosure of confidential data.

4.3. The Qt Company will maintain backup and recovery procedures to ensure the availability of critical systems and data.


5.1. The Qt Company will implement an incident response plan (IRP) to identify, contain, remediate, and report security incidents.

5.2. The IRP will be regularly reviewed and tested to ensure its effectiveness.

5.3. Procedures will be put into place to correct and avoid any deviations and incidents.

5.4. All employees, contractors, and partners of The Qt Company will be required to report suspected security incidents.

5.5. The Qt Company will implement and maintain a Business Continuity Policy (BCP) designed to ensure the continuity of essential business functions and minimize the impact of potential disruptions.

6. EMPLOYEES. The Qt Company will implement and maintain employee security training programs regarding The Qt Company’s information security requirements. The security awareness training programs will be reviewed and updated at least annually.


7.1. Policies and procedures documents will be reviewed at least yearly and after any internal testing. The Qt Company will update or alter its information security program as necessary to respond to new security risks and to take advantage of new technologies. 

7.2. The Qt Company will perform regular external vulnerability assessments, and will investigate identified issues and track them to resolution in a timely manner.

7.3. Before publicly launching new Services or significant new features of Services, The Qt Company will perform application security reviews designed to identify, mitigate and remediate security risks.