Last reviewed: February 1, 2026
TL;DR: Your data never touches public models. AES-256 encryption. SOC 2 Type II. Sovereign cloud. Full audit trails.
Certifications & Compliance
| Standard | Status | Details |
|---|---|---|
| SOC 2 Type II | ✓ Certified | Audited annually |
| GDPR | ✓ Compliant | Full EU compliance |
| CCPA | ✓ Compliant | California compliance |
| HIPAA | In Progress | Expected Q2 2026 |
| ISO 27001 | In Progress | Expected Q3 2026 |
Infrastructure
Sovereign Deployment
Every agent runs in isolated sovereign cloud. Your data never leaves your region. AWS, GCP, Azure supported.
Encryption
- At Rest: AES-256
- In Transit: TLS 1.3
- Key Management: Customer-managed keys on Enterprise
Network
- VPC isolation per customer
- WAF protection
- DDoS mitigation
- IP allowlisting available
Data Protection
Zero Public Model Exposure
Your data never touches public AI models. All training and inference on private infrastructure.
Isolation
Full infrastructure-level isolation. Zero cross-tenant access. Engineering team cannot access your data without authorization.
Access Controls
- RBAC: Granular permissions
- SSO: SAML 2.0 / OIDC
- MFA: Enforced for all accounts
- Audit Logs: Complete trail of all activity
Operational Security
- Quarterly penetration testing
- Continuous vulnerability scanning
- 24/7 incident response
- Background checks and security training
- Bug bounty program
Agent Confidence Controls
- High: Acts autonomously
- Medium: Suggests, requests approval
- Low: Escalates to human
You define thresholds. Every decision logged and reversible.
Incident Response
- Customers notified within 24 hours
- Root cause analysis within 72 hours
- Remediation plan shared
- Post-incident review published
Report a Vulnerability
Email: security@qunalinx.com
We acknowledge within 24 hours, resolve critical issues within 48 hours.
Questions? security@qunalinx.com