Security

QNSP Cloud is a managed platform. We secure the underlying infrastructure and platform services. You control your tenant configuration, user access, and how you use the platform to process data.

• QNSP: platform security, service hardening, cryptographic controls, audit evidence integrity, incident response for platform incidents.
• Customer: identity administration, tenant policy configuration, access reviews, data classification, and secure handling of exported data.

Private/VPC/sovereign and air-gapped deployments shift responsibilities based on the chosen deployment model.

QNSP stores customer content and related metadata within your tenant. Retention policies are configurable per dataset/object class, and lifecycle events are audited.

• Retention controls: configurable retention periods and modes.
• Deletion: soft delete and hard delete; where tenant-managed encryption keys are used, key-destruction can be applied to render data irrecoverable.
• Termination: export window and deletion on termination as defined in contractual terms.

For detailed legal terms, refer to the Terms.

• In transit: TLS is used for client-to-edge communications; internal service-to-service encryption depends on deployment topology and configuration.
• At rest: customer content is encrypted at rest; QNSP supports envelope encryption patterns and key rotation workflows.
• HSM integration: PKCS#11-based integration supports common HSM vendors in customer deployments.
• Key boundaries: key management and cryptographic operations are performed by dedicated platform components (Vault/KMS) with policy enforcement and audit logging.

Exact key custody and BYOK/BYOH options depend on deployment model and tenant configuration.

• Tenant isolation: each tenant is logically isolated with policy-enforced access controls.
• Authentication: password and WebAuthn flows are supported; enterprise SSO integrations (OIDC/SAML) are available on eligible tiers and deployments.
• Authorization: least-privilege access patterns, with centralized access control decisions and audit logging.
• Audit logging: security-relevant actions are recorded to a tamper-evident audit trail with checkpoints.

SCIM provisioning is not advertised on this page; contact security@cuilabs.io for current identity integration options.

QNSP maintains an incident response process covering detection, triage, containment, remediation, and recovery. For critical incidents affecting hosted production, customer notifications are provided based on severity and applicable regulatory requirements.

Report security concerns: security@cuilabs.io

QNSP security controls are designed to support common compliance requirements. Current certifications, attestations, and customer-facing reports (if applicable) are available upon request.

We avoid listing specific certifications here unless contractually verified and in-scope for your deployment.