Security

Last updated: November 6, 2025

Who we are. Qwen AI Chat is an independent, unofficial website. We are not affiliated with, endorsed by, or sponsored by Alibaba, Qwen, or Alibaba Cloud.

Security at a glance

  • No account required: We don’t use passwords or payment data.
  • Chat inputs only: To use the chat, you don’t need to provide contact details. Please don’t include sensitive data in prompts.
  • Contact & comments: If you contact us or leave a comment, we collect name and email (emails not published) for replies and moderation.
  • No file uploads on this site.
  • Protected by Cloudflare: DDoS mitigation, WAF, bot management, and secure edge caching.
  • Encryption: All pages are served over HTTPS/TLS.
  • Consent & privacy controls: We use a Google‑approved CMP with Consent Mode v2 in EEA/UK/CH; manage choices anytime via Privacy Choices (footer).
  • Independent & transparent: We clearly label unofficial status and keep policies consistent across pages.

1) Data handling & retention

  • Chat prompts & responses: Processed to operate the feature and keep the service reliable/safe. Retained up to 30 days for abuse prevention/debugging, then deleted or anonymized.
  • Contact & comments: Name, email, and message/comment content used to reply and moderate. Retained up to 24 months from last interaction (or sooner upon valid request).
  • Security/traffic logs: IP address, user‑agent, timestamps, URLs, and error logs retained up to 90 days for security and reliability, then deleted or anonymized.
  • No special categories: We don’t intentionally process sensitive categories. Please avoid submitting personal/sensitive info in prompts or comments.

2) Infrastructure & network security

  • Cloudflare WAF & DDoS protection: Malicious traffic is filtered at the edge; rate‑limiting and bot controls help prevent abuse.
  • Transport security: TLS for data in transit; HSTS where supported.
  • Isolation & least privilege: Only authorized team members have access to production systems and logs, with role‑based, least‑privilege access and audit trails.

3) Application security

  • No file uploads: We do not accept user file uploads, reducing attack surface.
  • Input handling: Prompts and forms are validated and rate‑limited; suspicious activity may be blocked.
  • Dependencies & updates: We patch dependencies and apply security updates regularly; we review changes before deployment.

4) User‑generated content (UGC)

  • Comments are moderated before or after publication per our Comment Policy.
  • We remove UGC that violates our terms (illegal, harmful, adult, hate, spam, or unsafe links).
  • Ads (when present) are kept away from policy‑risk UGC.

5) Privacy & consent controls

  • CMP & Consent Mode v2 (EEA/UK/CH): Non‑essential tags (analytics/ads) are limited until consent.
  • Privacy Choices: Change or withdraw consent anytime using the footer link.
  • Global Privacy Control (GPC): We honor supported “Do Not Sell/Share” signals where applicable.
  • For full details, see our Privacy Policy.

6) Incident response

  • We monitor for suspicious activity and service disruptions.
  • If a security incident affects personal data, we will investigate, mitigate, and notify users/authorities as required by law.

7) Responsible use guidance

  • Don’t include personal, confidential, or sensitive information in chat prompts or comments.
  • Use the service lawfully and follow our Terms and Comment Policy.
  • If you need enterprise‑grade guarantees, consider the official Qwen services.

8) Vulnerability disclosure

If you believe you’ve found a vulnerability or security/privacy issue, please email [email protected] with details. We appreciate responsible disclosure and will review promptly.

Note: When we link to or route you to official Qwen services, their own security and privacy practices apply. Qwen, Alibaba, and Alibaba Cloud are trademarks of their respective owners.