Security & Compliance Principles

Encryption & Data Protection

  • All data in transit is encrypted via TLS.
  • Sensitive data and key material are never stored in plaintext.
  • Quantum-derived keys follow strict handling and lifecycle controls.

Access Control

  • Internal access follows the principle of least privilege.
  • Administrative actions are logged and monitored.
  • API access is authenticated and rate-limited.

Operational Controls

  • Dependency scanning and vulnerability checks
  • Secure build and deployment workflows
  • Reproducible releases and version tracking
  • Internal audit logging for sensitive operations

Key Management Practices

  • Hardware-backed key custody (cloud HSM where applicable)
  • Full key-material provenance tracking
  • Secure export controls for enterprise usage

Standards Alignment (Roadmap)

QbitShield is actively developing toward alignment with widely recognized security frameworks:

  • SOC 2 (Security, Availability) — internal program development in progress
  • ISO/IEC 27001 — policy alignment under review
  • NIST SP 800-22 — used for randomness testing of key material
  • NIST PQC integration — hybrid support with algorithms such as Kyber
  • FIPS-aligned cryptographic practices where applicable

We publish updates as validation work progresses.

Transparent Validation

QbitShield publishes its methodologies and results for:

  • QBER measurement
  • circuit fidelity analysis
  • randomness and entropy testing
  • hardware-based execution (IBM Brisbane, IonQ Aria-1)

All validation details are available at:

https://qbitshield.com/validation

Responsible Disclosure

If you believe you have discovered a security issue, please reach out.

We take all reports seriously and address them promptly.

To help us respond effectively, include:

  • a description of the issue
  • steps to reproduce
  • any relevant logs or context

Contact

For compliance questions, documentation, or review requests: