Legal & Privacy

1. Information We Collect

When you use Qtonic Quantum's services, including the QScout security scanning platform, we collect:

• Contact Information: Email address, phone number, and company name provided during scan registration.
• Scan Data: Domain names submitted for scanning, publicly accessible TLS/SSL certificate information, HTTP response headers, DNS records, and scan results.
• Usage Data: Browser type, IP address, pages visited, and interaction patterns collected via analytics.
• Communications: Information you provide when contacting us for support or inquiries.

2. How We Use Your Information

• To deliver scan results and security assessment reports.
• To send you your executive snapshot, guided report deliverables where applicable, and follow-up communications about your scan results.
• To improve our scanning technology and service quality.
• To communicate about product updates, security advisories, and service announcements.
• To comply with legal obligations and protect our legitimate interests.

3. Data Retention

Scan results are retained for 90 days to allow you to access your reports. Contact information is retained for legitimate business purposes and can be deleted upon request. You may request deletion of your data at any time by contacting privacy@qtonicquantum.com.

4. Data Sharing

We do not sell your personal information. We may share data with:

• Service Providers: Cloud infrastructure (Zoho Cloud), email delivery, analytics services, and error tracking/performance monitoring (Sentry) that process data on our behalf.
• Legal Requirements: When required by law, regulation, or valid legal process.

5. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your data.
• Object to or restrict processing of your data.
• Data portability (receive your data in a structured format).

To exercise these rights, contact privacy@qtonicquantum.com.

6. Security

We implement industry-standard security measures including encryption in transit (TLS 1.2+), encryption at rest, access controls, and regular security assessments. See our Security Statement below for details.

7. International Transfers

Your data may be processed in the United States. We implement appropriate safeguards for international data transfers in compliance with applicable data protection laws.

1. Acceptance of Terms

By using Qtonic Quantum's services, including the QScout security scanning platform, you agree to these Terms of Service. If you do not agree, you should not use the service.

2. Service Description

QScout provides passive security assessments of publicly accessible web infrastructure. The QScout Free snapshot performs non-intrusive analysis including TLS/SSL inspection, HTTP header analysis, DNS enumeration, and quantum readiness assessment. QScout connects only to publicly accessible endpoints and does not perform penetration testing, exploitation, or any unauthorized access.

3. Authorization Requirement

By submitting a domain for scanning, you represent and warrant that you have authorization to assess the security posture of the submitted domain. Qtonic Quantum is not responsible for scans submitted without proper authorization.

4. QScout Free Limitations

The QScout Free snapshot is limited to the authorized public surface accepted by the backend. Results are informational and should not be the sole basis for security decisions. For comprehensive assessments, contact us about QScout Surface, Silver, or Gold engagements.

5. Accuracy Disclaimer

Scan results reflect the state of publicly accessible endpoints at the time of scanning. Results may vary based on CDN configurations, geographic routing, load balancers, and other infrastructure factors. Qtonic Quantum does not guarantee that all vulnerabilities will be identified or that results will be errorless.

6. Limitation of Liability

Qtonic Quantum provides the service "as is" without warranties of any kind, express or implied. To the maximum extent permitted by law, Qtonic Quantum shall not be liable for any indirect, incidental, consequential, or punitive damages arising from your use of the service.

7. Prohibited Use

You agree not to:

• Submit domains you are not authorized to scan.
• Attempt to circumvent rate limits or scan restrictions.
• Use scan results to harm, attack, or exploit the scanned targets.
• Resell or commercially redistribute scan results without permission.

8. Governing Law

These terms are governed by the laws of the State of Florida, United States. Any disputes will be resolved in the courts of Miami-Dade County, Florida.

9. Changes to Terms

We may update these terms from time to time. Continued use of the service after changes constitutes acceptance of the updated terms.

Infrastructure Security

• Built on a cloud platform with provider-held SOC 2 Type II and ISO 27001 certifications (Zoho Cloud).
• Data encrypted in transit using TLS 1.3.
• Data encrypted at rest using AES-256.
• Regular security assessments and vulnerability scanning of our own infrastructure.

Application Security

• Rate limiting and abuse prevention on all API endpoints.
• Input validation and sanitization on all user inputs.
• SSRF protection to prevent internal network access.
• No storage of credentials or sensitive authentication tokens.

Responsible Disclosure

If you discover a security vulnerability in our services, please report it to security@qtonicquantum.com. We commit to acknowledging reports within 48 hours and providing status updates as we investigate.

1. Nature of Research

Qtonic Quantum Lab scores, rankings, and commentary constitute independent research opinions protected under the First Amendment of the United States Constitution. Published scores represent the output of automated analysis applied uniformly to all evaluated solutions. Scores are not endorsements, certifications, warranties, or guarantees of any product, service, or vendor. Qtonic Quantum has no obligation to any vendor regarding the outcome of its analysis.

2. Methodology

All solutions are evaluated using the same publicly disclosed methodology, applied without discrimination. The scoring methodology is documented at qtonicquantum.com/lab/methodology. Scores are computed across 10 published dimensions with expert oversight. Neither the methodology nor individual scores are influenced by vendor payments, sponsorships, or commercial relationships. The only way to improve a score is to improve the solution.

3. Data Sources

Analysis is based exclusively on publicly available information including open-source code repositories, published documentation, test vectors, NIST submissions, academic papers, and publicly accessible APIs. Qtonic Quantum Lab does not access proprietary source code, trade secrets, or confidential vendor materials unless explicitly provided by the vendor for evaluation.

4. Open Retest Policy

Any vendor, maintainer, or authorized representative may request a methodology retest of their solution at any time by contacting lab@qtonicquantum.com. New versions, patched vulnerabilities, updated certifications, and additional evidence are evaluated through the same automated evaluation process. Retest requests are processed under published review terms and without prejudice.

5. Independence

Qtonic Quantum Lab operates independently. No vendor pays for placement, ranking, or favorable treatment. There is no "pay-to-play" model. Commercial relationships between Qtonic Quantum and evaluated vendors (if any) do not influence Qtonic Quantum Lab scores. Scoring criteria are applied uniformly regardless of vendor size, market position, or relationship with Qtonic Quantum.

6. Accuracy & Limitations

Scores reflect the state of publicly available evidence at the time of evaluation. Results may change as solutions are updated, new evidence becomes available, or scoring methodology evolves. Qtonic Quantum does not guarantee that all relevant factors have been captured, that scores are errorless, or that rankings will remain static. Proprietary solutions for which source code is not publicly available may receive lower evidence classifications, which reflects the limitation of available evidence rather than a judgment on solution quality.

7. No Reliance

Qtonic Quantum Lab scores, rankings, and commentary are provided for informational purposes only. They should not be the sole basis for procurement decisions, vendor selection, compliance certifications, or security architecture choices. Organizations should conduct their own due diligence, including independent security assessments, before making technology decisions. Qtonic Quantum is not responsible for decisions made based on Qtonic Quantum Lab scores.

8. Limitation of Liability

Qtonic Quantum Lab scores and related content are provided "as is" without warranties of any kind, express or implied, including but not limited to warranties of merchantability, fitness for a particular purpose, or non-infringement. To the maximum extent permitted by law, Qtonic Quantum shall not be liable for any direct, indirect, incidental, consequential, special, or punitive damages arising from the publication, distribution, or use of Qtonic Quantum Lab scores, rankings, or commentary.

9. Trademarks

All product names, logos, and trademarks referenced in Qtonic Quantum Lab are the property of their respective owners. Use of these names is for identification and informational purposes only and does not imply endorsement by or affiliation with the trademark owners. "Qtonic Quantum Score," "Qtonic Quantum Lab," and "Qtonic Quantum" are trademarks of Qtonic Quantum Corp.

10. Dispute Resolution

Vendors who believe a score is inaccurate are encouraged to first use the methodology retest process. If a dispute remains unresolved after retest, the matter shall be governed by the laws of the State of Florida, United States, and resolved in the courts of Miami-Dade County, Florida. Before initiating legal action, the parties agree to a 30-day good-faith resolution period during which Qtonic Quantum will review the disputed score with fresh evidence provided by the vendor.