Security & Sovereignty

Cryptographic integrity for planetary-scale logic.

QuantumCollapse does not ask you to trust us. Every result carries a mathematical proof of its own correctness and a cryptographic signature you can verify independently. Your circuits are computed, certified, and discarded. We retain nothing but a hash.

Proof, Not Trust

Proprietary Kernel Architecture

The computation engine is a hardened, proprietary binary. We do not permit external source-code access. The security of your results does not depend on inspecting our implementation — it depends on mathematics.

Mathematical Attestation

Every GOLD-certified result is self-verifying. The engine computes C†C and verifies it returns |0⟩ — a deterministic mathematical proof that the result is correct. This supersedes the need for manual code review. If the proof passes, the answer is proven. If it fails, we tell you.

Non-Repudiation

All results are signed using ECDSA P-256 (FIPS 186-5). The signature binds the input hash, result, topology classification, and certification level into a tamper-evident receipt. Verification is independent and offline.

→ /.well-known/signing-key.pem

Zero Data Retention

Volatile Execution

Circuit payloads exist only in process memory during computation. No intermediate state is written to disk. No temporary files are created. The process terminates and its memory space is released after each request.

Immediate Purge

Post-execution, the only artefact that persists is a SHA-3 (Keccak-256) hash of the normalised input — sufficient for audit trail purposes, but computationally irreversible. We store zero bytes of your circuit data.

No Circuit Database

We do not maintain a database of user circuits. If compelled by legal process, we would produce only a log of timestamps, SHA-3 hashes, and qubit counts. The original circuit data does not exist in our infrastructure.

Data Sovereignty & Residency

Region	Location	Compliance	Status
eu-west-2	London, UK	UK DUA Act 2025 · NSI Act	Active
eu-central-1	Frankfurt, DE	GDPR · EU AI Act	Planned
us-east-1	N. Virginia, US	SOC 2 · ITAR	Planned

Enterprise customers select their Sovereign Home at onboarding. Circuit data never leaves the designated region. Billing telemetry (qubit counts and timestamps only) is processed centrally in the UK.

Compliance & Auditing

Black Box Infrastructure Audit

Enterprise customers may conduct infrastructure audits of network egress, memory allocation, and container isolation to verify our Zero Data Retention claims — without accessing the proprietary engine source. The mathematical attestation proves correctness; the infrastructure audit proves containment.

Software Escrow

Business continuity is guaranteed via neutral third-party software escrow. In the event of corporate discontinuity, escrowed source is released to qualifying licensees under pre-agreed terms. Your operations are protected regardless of our corporate status.

Q3 2026

Penetration Test

Independent third-party penetration test of the API gateway and kernel isolation boundary.

Q4 2026

ISO 27001 Certification

Full ISMS certification audit with accredited body. Infrastructure follows Annex A control framework.

Q1 2027

SOC 2 Type II

Service Organisation Controls report covering security, availability, and confidentiality trust principles.

Air-Gapped Deployment

For organisations with sovereign or classified processing requirements, QuantumCollapse is available as a hardened, pre-compiled container image for deployment within your own infrastructure. The engine operates with no outbound network connectivity. No telemetry. No phone-home.

Contact for Air-Gapped Licensing

Verify a Receipt

Every QuantumCollapse receipt is ECDSA-signed. Paste a receipt below to verify its authenticity. This verification runs entirely in your browser using the Web Crypto API — no data is sent to any server.

Paste a QuantumCollapse receipt

Questions about our security posture?

Contact Security Team