Security at Kepler Q-Max
Quantum-grade rigor, classical-grade controls. Security is engineered into every layer of the platform — from the QPU training pipeline to the inference edge.
Encryption
AES-256 at rest. TLS 1.3 in transit. Per-tenant key derivation with envelope encryption.
Access control
SSO + MFA enforced for all employees. Production access via short-lived (15-min) JIT credentials.
Infrastructure
Hardened AWS multi-AZ. Private VPCs. Zero open ingress beyond the WAF. Daily encrypted backups.
Compliance
GDPR, CCPA, UK DPA. SOC 2 Type II audit in progress. ISO 27001 controls mapped and enforced.
Disclosure
Coordinated disclosure via security@sonicium.ltd. 90-day window, recognition for valid reports.
Monitoring
24/7 SIEM with anomaly detection. Quarterly external pentests. Annual red-team exercise.
Reporting a vulnerability
If you believe you've found a security vulnerability, email security@sonicium.ltd with reproduction steps. PGP key on request. Please don't disclose publicly until we've had 90 days to remediate.
See /.well-known/security.txt for our disclosure policy.
Compliance documents
SOC 2 Type II report, penetration test summaries, and the latest sub-processor list are available under NDA. Email trust@sonicium.ltd.
