Legal & Compliance · Qtonic Quantum Corp
Legal & Privacy
Privacy Policy, Terms of Service, and Security Statement for Qtonic Quantum clients and visitors.
Privacy Policy
The canonical Qtonic Quantum Corp privacy policy lives at /legal/privacy. This legal index links to that policy instead of duplicating a second policy body, so buyers and privacy reviewers have one public source of truth.
Open canonical privacy policyTerms of Service
Last updated: April 20, 2026
1. Acceptance of Terms
By using Qtonic Quantum's services, including the QScout assessment platform, you agree to these Terms of Service. If you do not agree, you should not use the service.
2. Service Description
QScout provides approved-scope security assessments of publicly accessible web infrastructure. The QScout approved-scope signal performs non-intrusive analysis including TLS/SSL inspection, HTTP header analysis, DNS enumeration, and quantum readiness assessment. QScout connects only to publicly accessible endpoints and does not perform penetration testing, exploitation, or any unauthorized access.
3. Authorization Requirement
By submitting a domain for assessment intake, you represent and warrant that you have authorization to assess the security posture of the submitted domain. Qtonic Quantum is not responsible for assessment requests submitted without proper authorization.
4. QScout public intake Limitations
The QScout approved-scope signal is limited to the authorized public surface accepted by the backend. Results are informational and should not be the sole basis for security decisions. For comprehensive assessments, contact us about QScout Surface, Silver, or Gold engagements.
5. Accuracy Disclaimer
Assessment results reflect the state of publicly accessible endpoints at the time of review. Results may vary based on CDN configurations, geographic routing, load balancers, and other infrastructure factors. Qtonic Quantum does not guarantee that all vulnerabilities will be identified or that results will be errorless.
6. Limitation of Liability
Qtonic Quantum provides the service "as is" without warranties of any kind, express or implied. To the maximum extent permitted by law, Qtonic Quantum shall not be liable for any indirect, incidental, consequential, or punitive damages arising from your use of the service.
7. Prohibited Use
You agree not to:
- Submit domains you are not authorized to assess.
- Attempt to circumvent rate limits or assessment restrictions.
- Use assessment results to harm, attack, or exploit assessed targets.
- Resell or commercially redistribute assessment results without permission.
8. Governing Law
These terms are governed by the laws of the State of Florida, United States. Any disputes will be resolved in the courts of Miami-Dade County, Florida.
9. Changes to Terms
We may update these terms from time to time. Continued use of the service after changes constitutes acceptance of the updated terms.
Security Statement
Qtonic Quantum takes security seriously. As a security company, we hold ourselves to the standards we assess in others.
Infrastructure Security
- Built on a cloud platform with provider-held SOC 2 Type II and ISO 27001 certifications (Zoho Cloud).
- Data encrypted in transit using TLS 1.3.
- Data encrypted at rest using AES-256.
- Regular security assessments and vulnerability scanning of our own infrastructure.
Application Security
- Rate limiting and abuse prevention on all API endpoints.
- Input validation and sanitization on all user inputs.
- SSRF protection to prevent internal network access.
- No storage of credentials or sensitive authentication tokens.
Responsible Disclosure
If you discover a security vulnerability in our services, please report it to security@qtonicquantum.com. We aim to acknowledge valid reports within five business days and provide status updates as we investigate. These targets are aspirational and not contractual commitments.
Data Processing Agreement (DPA)
Qtonic Quantum Corp acts as a data processor when performing QScout security assessments on behalf of enterprise customers (data controllers).
Scope of Processing
- Data collected: Domain name, business email, TLS/certificate metadata from publicly accessible endpoints
- Purpose: Security assessment and compliance reporting only
- Retention: Request-intake records are retained only as needed for authorization review, routing, support, and legal obligations; governed assessment artifacts are retained according to the engagement boundary, deployment model, and contract terms
- Sub-processors: Zoho Cloud (SOC 2 Type II documented controls), Cloudflare (edge network), Upstash (rate limiting)
Standard Contractual Clauses
For international data transfers, Qtonic Quantum supports EU Standard Contractual Clauses (SCCs) as adopted by the European Commission. Enterprise customers requiring a signed DPA with SCCs should contact legal@qtonicquantum.com.
Technical & Organizational Measures
- All data encrypted in transit (TLS 1.3) and at rest (AES-256)
- Qtonic Quantum inherits SOC 2 Type II and ISO 27001 controls as a customer of Zoho's audited cloud platform; certificates are issued to Zoho Corporation, and Qtonic Quantum does not independently hold these certifications
- No personal data shared with third parties for marketing or profiling
- Access controls with role-based permissions and audit logging
Qtonic Quantum Lab Research Disclaimer
Last updated: April 20, 2026
1. Nature of Research
Qtonic Quantum Lab scores, rankings, and commentary constitute independent research opinions protected under the First Amendment of the United States Constitution. Published scores represent the output of automated analysis applied uniformly to all evaluated solutions. Scores are not endorsements, certifications, warranties, or guarantees of any product, service, or vendor. Qtonic Quantum has no obligation to any vendor regarding the outcome of its analysis.
2. Methodology
All solutions are evaluated using the same publicly disclosed methodology, applied without discrimination. The scoring methodology is documented at qtonicquantum.com/lab/methodology. Scores are computed across 10 published dimensions with expert oversight. Neither the methodology nor individual scores are influenced by vendor payments, sponsorships, or commercial relationships. The only way to improve a score is to improve the solution.
3. Data Sources
Analysis is based exclusively on publicly available information including open-source code repositories, published documentation, test vectors, NIST submissions, academic papers, and publicly accessible APIs. Qtonic Quantum Lab does not access proprietary source code, trade secrets, or confidential vendor materials unless explicitly provided by the vendor for evaluation.
4. Open Retest Policy
Any vendor, maintainer, or authorized representative may request a methodology retest of their solution at any time by contacting lab@qtonicquantum.com. New versions, patched vulnerabilities, updated certifications, and additional evidence are evaluated through the same automated evaluation process. Retest requests are processed under published review terms and without prejudice.
5. Independence
Qtonic Quantum Lab operates independently. No vendor pays for placement, ranking, or favorable treatment. There is no "pay-to-play" model. Commercial relationships between Qtonic Quantum and evaluated vendors (if any) do not influence Qtonic Quantum Lab scores. Scoring criteria are applied uniformly regardless of vendor size, market position, or relationship with Qtonic Quantum.
6. Accuracy & Limitations
Scores reflect the state of publicly available evidence at the time of evaluation. Results may change as solutions are updated, new evidence becomes available, or scoring methodology evolves. Qtonic Quantum does not guarantee that all relevant factors have been captured, that scores are errorless, or that rankings will remain static. Proprietary solutions for which source code is not publicly available may receive lower evidence classifications, which reflects the limitation of available evidence rather than a judgment on solution quality.
7. No Reliance
Qtonic Quantum Lab scores, rankings, and commentary are provided for informational purposes only. They should not be the sole basis for procurement decisions, vendor selection, compliance certifications, or security architecture choices. Organizations should conduct their own due diligence, including independent security assessments, before making technology decisions. Qtonic Quantum is not responsible for decisions made based on Qtonic Quantum Lab scores.
8. Limitation of Liability
Qtonic Quantum Lab scores and related content are provided "as is" without warranties of any kind, express or implied, including but not limited to warranties of merchantability, fitness for a particular purpose, or non-infringement. To the maximum extent permitted by law, Qtonic Quantum shall not be liable for any direct, indirect, incidental, consequential, special, or punitive damages arising from the publication, distribution, or use of Qtonic Quantum Lab scores, rankings, or commentary.
9. Trademarks
All product names, logos, and trademarks referenced in Qtonic Quantum Lab are the property of their respective owners. Use of these names is for identification and informational purposes only and does not imply endorsement by or affiliation with the trademark owners. "Qtonic Quantum Score," "Qtonic Quantum Lab," and "Qtonic Quantum" are trademarks of Qtonic Quantum Corp.
10. Dispute Resolution
Vendors who believe a score is inaccurate are encouraged to first use the methodology retest process. If a dispute remains unresolved after retest, the matter shall be governed by the laws of the State of Florida, United States, and resolved in the courts of Miami-Dade County, Florida. Before initiating legal action, the parties agree to a 30-day good-faith resolution period during which Qtonic Quantum will review the disputed score with fresh evidence provided by the vendor.
Contact Us
For privacy, legal, or security inquiries:
Email: legal@qtonicquantum.com
Privacy: privacy@qtonicquantum.com
Security: security@qtonicquantum.com
EU/UK Representative
For matters related to the EU General Data Protection Regulation (GDPR) or UK Data Protection Act, please contact our designated representative at gdpr@qtonicquantum.com
California Privacy Rights (CCPA)
Qtonic Quantum does not sell your personal information. California residents have the right to:
- Know what personal information is collected
- Request deletion of personal information
- Opt-out of the sale of personal information (we do not sell your data)
- Non-discrimination for exercising privacy rights
To exercise these rights, contact privacy@qtonicquantum.com