Company
Security
Security embedded in everything we build
Security at Q-CTRL
At Q-CTRL, security is fundamental to everything we do. As a global leader in quantum technology, we understand that our ability to innovate, scale, and earn trust depends on the security and resilience of the systems and information that power our business.
We’re committed to safeguarding our intellectual property, our people, our customers, and our partners. Working across sectors including defense, aerospace, enterprise and government, we adhere to the highest standards of confidentiality, integrity, and availability of information.
Built on trust and transparency
Our approach to information security is embedded in every layer of our operations, from product design, engineering and research to supplier management and employee training.
This foundation of trust and transparency ensures we deliver technology that our customers can rely on with confidence.
Compliance
Our security framework
Q-CTRL’s security program is guided by globally recognized standards and frameworks—externally audited for ISO 27001:2022 compliance by BSI, including:
NIST SP 800-171r3
Protection of Controlled Unclassified Information (CUI)
Core security principles
The foundation of everything we build and protect.
Secure by design
Every system and process is developed with security built in from the start.
Defense in depth
Multiple layers of protection safeguard our data, networks, and infrastructure.
Least privilege access
Access to systems and data is tightly controlled and regularly reviewed.
Continuous monitoring
Our systems are monitored for anomalies and potential threats 24/7.
Trusted partnerships
All suppliers and collaborators meet strict security and compliance standards.
People and culture
Security is a shared responsibility at Q-CTRL. Every team member, from new hires to executives, completes comprehensive security awareness training programs.
We maintain clear roles and responsibilities, background checks, and confidentiality agreements to ensure accountability across the organization.
Ongoing commitment
Our Information Security Management System (ISMS) is continuously reviewed and improved to adapt to evolving threats, new technologies, and regulatory requirements. We take a proactive approach to risk management, incident response, and business continuity to ensure resilience and reliability in everything we deliver.
At Q-CTRL, security enables innovation. It’s how we build trust, protect what matters, and accelerate the responsible commercialization of quantum technologies.
Frequently asked questions
How does Q-CTRL secure third-party integrations?
All third-party integrations are assessed through our supplier risk management program. Q-CTRL verifies compliance with security, privacy, and reliability standards before approval.
Does Q-CTRL support single sign-on (SSO)?
Yes. Q-CTRL supports single sign-on via Google and GitHub.
How are Q-CTRL’s products secured?
Q-CTRL’s products undergo secure code reviews, vulnerability scans, and penetration tests. Our software development lifecycle follows DevSecOps best practices.
How can I report a security vulnerability?
If you believe you’ve discovered a vulnerability, please email security@q-ctrl.com. Q-CTRL encourages responsible disclosure and appreciates the community’s support in keeping our systems secure.
Does Q-CTRL back up data?
Yes. Q-CTRL maintains encrypted backups of our data following AWS best practice.
How is internal access to systems managed?
Q-CTRL enforces the principle of least privilege (PoLP), applies multi-factor authentication (MFA) to all internal systems, and reviews access regularly.
Who can access my data?
Only authorized Q-CTRL employees who require access for operational or support purposes can view customer data. All access is role-based, logged, and subject to regular audit.
Where is Q-CTRL’s infrastructure hosted?
Q-CTRL systems are deployed on various cloud regions in AWS. AWS is independently audited and certified under multiple security frameworks, including ISO 27001, ISO 27017, ISO 27018, SOC 1, SOC 2, and SOC 3.
How does Q-CTRL protect customer data?
Q-CTRL applies industry-standard encryption (AES-256 for data at rest and TLS 1.2+ for data in transit), strict access controls, and continuous monitoring. Every access event is logged and reviewed to ensure confidentiality and integrity.
How can I request deletion of my data?
Please contact support@q-ctrl.com if you wish to permanently delete all services and data associated with your account.
Does Q-CTRL share or sell my information?
No. Q-CTRL does not, and will never, collect personal information for the purpose of on-selling that information to others for commercial gain. See Q-CTRL’s Privacy policy for more information.
What are Q-CTRL’s compliance obligations?
Q-CTRL adheres to all applicable legal, regulatory, and contractual requirements, including export controls, privacy, and data protection laws.
Our information security controls and processes align with:
- ISO/IEC 27001:2022.
- NIST SP 800-171 Rev 3.
- Defence Industry Security Program.
- Cyber Essentials.
- Export control requirements.
This ensures Q-CTRL meets global standards for confidentiality, integrity, and availability.
Is Q-CTRL compliant with data protection laws like GDPR?
Yes. Q-CTRL complies with the General Data Protection Regulation (GDPR) and other applicable global privacy frameworks.