Legal & Privacy

Last Updated: January 2, 2026

This page contains our Privacy Policy, Terms of Service, and Security Statement. By using Qryptonic's services, you agree to these terms.

Privacy Policy

Information We Collect

Business Information: We collect company name, business contact details, industry sector, and organizational structure information necessary to deliver our security assessment services.

Technical Data: During security assessments, we collect system configurations, network architecture details, cryptographic implementations, vulnerability scan results, and related technical data required for comprehensive analysis.

Usage Data: We collect information about how you interact with our platform including IP addresses, browser types, access times, and pages viewed.

Communications: We retain records of emails, support tickets, and other communications between your organization and Qryptonic.

How We Use Your Information

Service Delivery: We use collected information to conduct security assessments, generate reports, provide recommendations, and deliver contracted services.

Security Operations: Technical data is analyzed to identify vulnerabilities, assess cryptographic implementations, and evaluate quantum computing threats to your systems.

Communication: We use contact information to deliver reports, provide updates, respond to inquiries, and communicate about service-related matters.

Legal Compliance: We process data as required to comply with legal obligations, enforce our agreements, and protect our rights.

Data Retention

Assessment Data: Technical findings and assessment results are retained for 7 years to support ongoing security posture tracking and comparative analysis.

Business Records: Contracts, invoices, and business communications are retained according to applicable financial record-keeping requirements, typically 7 years.

Platform Data: User account information and platform usage data are retained for the duration of the business relationship plus 3 years.

Data Protection

Encryption: All data in transit is protected using TLS 1.3 or higher. Data at rest is encrypted using AES-256 or equivalent post-quantum cryptographic standards where implemented.

Access Controls: Access to client data is restricted to authorized personnel on a need-to-know basis. All access is logged and monitored.

Infrastructure Security: Our systems are hosted in SOC 2 Type II certified facilities with multiple layers of physical and digital security controls.

Incident Response: We maintain documented incident response procedures. In the event of a data breach affecting your information, we will notify you within 72 hours of discovery.

Data Sharing

No Sale of Data: We do not sell, rent, or trade client information under any circumstances.

Service Providers: We may share limited data with vetted service providers (cloud hosting, security tools) who are bound by confidentiality agreements and process data only on our instruction.

Legal Requirements: We may disclose information when required by law, court order, or government investigation, but will notify you unless legally prohibited.

Business Transfers: In the event of a merger, acquisition, or sale of assets, client data may be transferred to the acquiring entity subject to the same privacy protections.

Your Rights

Access: You have the right to request copies of the personal information we hold about your organization.

Correction: You may request correction of inaccurate or incomplete information.

Deletion: You may request deletion of your data subject to our legal retention obligations and legitimate business interests.

Data Portability: You may request your data in a structured, machine-readable format.

Objection: You may object to processing of your data for specific purposes where we rely on legitimate interests as our legal basis.

To exercise these rights, contact legal@qryptonic.com.

International Data Transfers

We operate globally with offices in the United States and Israel. Data may be transferred to and processed in these jurisdictions. We implement appropriate safeguards including standard contractual clauses approved by regulatory authorities.

Cookies and Tracking

Our website uses essential cookies for functionality and analytics cookies to understand usage patterns. You can disable non-essential cookies through your browser settings without affecting core functionality.

Children's Privacy

Our services are not directed to individuals under 18. We do not knowingly collect information from minors.

Contact for Privacy Matters

Privacy Officer
Qryptonic LLC
Email: legal@qryptonic.com
Address: Miami, Florida USA

For EU/UK matters, contact our designated representative at gdpr@qryptonic.com.

Terms of Service

Acceptance of Terms

By engaging Qryptonic's services, you accept these Terms of Service. If you do not agree, do not use our services.

Service Description

Qryptonic provides enterprise cryptographic security assessments including vulnerability scanning, penetration testing, post-quantum cryptography readiness analysis, and related advisory services.

Service Delivery

Scope Definition: Services are delivered according to agreed Statements of Work (SOW) or Master Service Agreements (MSA). The SOW defines specific deliverables, timelines, and acceptance criteria.

Client Responsibilities: You agree to provide timely access to systems, personnel, and documentation necessary for assessment completion. Delays caused by client unavailability may extend delivery timelines.

Assessment Methodologies: We employ industry-standard methodologies including NIST frameworks, OWASP testing protocols, and proprietary quantum threat assessment procedures.

Reporting: Findings are delivered in written reports with executive summaries, technical details, risk ratings, and remediation recommendations.

Intellectual Property

Client Ownership: You retain all rights to your systems, data, and proprietary information. Assessment reports and findings specific to your organization are your property.

Qryptonic IP: Our methodologies, tools, frameworks, templates, and proprietary analysis techniques remain our intellectual property. You may not reverse engineer, reproduce, or distribute our tools or methodologies.

Residual Knowledge: We may retain and use general knowledge, experience, and insights gained during engagements for service improvement, provided no client-specific confidential information is disclosed.

Confidentiality

Mutual Obligations: Both parties agree to maintain confidentiality of information marked as confidential or that would reasonably be considered confidential.

Exclusions: Confidentiality obligations do not apply to information that is publicly available, independently developed, or lawfully received from third parties.

Term: Confidentiality obligations survive contract termination for 5 years.

Limitations of Liability

Assessment Scope: Our assessments are point-in-time evaluations based on the agreed scope. We do not guarantee identification of all vulnerabilities or that your systems are completely secure.

Limitation of Damages: Our total liability for any claims arising from services is limited to the fees paid for the specific engagement giving rise to the claim, not to exceed $1,000,000 in aggregate.

Consequential Damages: Neither party is liable for indirect, incidental, consequential, or punitive damages including lost profits or business interruption.

Exceptions: Liability limitations do not apply to breaches of confidentiality, intellectual property infringement, or gross negligence/willful misconduct.

Warranties and Disclaimers

Professional Standards: We warrant that services will be performed in a professional manner consistent with industry standards.

Disclaimer: Services are provided "as is" without warranties of any kind beyond those explicitly stated. We disclaim all implied warranties including merchantability and fitness for a particular purpose.

No Guarantee: We do not warrant that our assessments will prevent security breaches or that your systems will be free from vulnerabilities after remediation.

Payment Terms

Fees: Fees are specified in the applicable SOW or MSA. Standard payment terms are Net 30 from invoice date.

Late Payment: Overdue amounts accrue interest at 1.5% per month or the maximum rate permitted by law, whichever is lower.

Expenses: Reasonable expenses such as travel for on-site assessments are billed at cost with prior approval.

Term and Termination

Project Term: Individual projects terminate upon delivery and acceptance of final reports.

Ongoing Services: Retainer or subscription services continue until terminated by either party with 30 days written notice.

Termination for Cause: Either party may terminate immediately for material breach that remains uncured after 15 days written notice.

Effect of Termination: Upon termination, you pay for services completed through the termination date. Confidentiality and IP provisions survive termination.

Indemnification

Client Indemnity: You indemnify us against claims arising from your use of our reports, your systems or data, or your breach of these terms.

Qryptonic Indemnity: We indemnify you against claims that our services infringe third-party intellectual property rights, provided you notify us promptly and allow us to control the defense.

Compliance and Ethics

Legal Compliance: Both parties will comply with applicable laws including export controls, data protection regulations, and industry-specific requirements.

Ethical Conduct: We adhere to professional ethical standards. We will not perform unauthorized testing or access systems without proper authorization.

Export Controls: Our services may be subject to U.S. export controls. You agree not to use our services or deliverables in violation of applicable export laws.

Dispute Resolution

Governing Law: These terms are governed by the laws of the State of Florida, USA, without regard to conflict of laws principles.

Jurisdiction: Disputes will be resolved in state or federal courts located in Miami-Dade County, Florida.

Arbitration: For disputes involving amounts under $100,000, parties agree to binding arbitration under AAA Commercial Arbitration Rules before litigation.

Force Majeure

Neither party is liable for failure to perform due to circumstances beyond reasonable control including natural disasters, war, terrorism, pandemics, or government actions.

Entire Agreement

These Terms, together with applicable SOWs and MSAs, constitute the entire agreement and supersede all prior agreements or understandings.

Modifications

We may update these Terms with 30 days notice. Continued use of services after the effective date constitutes acceptance.

Assignment

You may not assign your rights or obligations without our prior written consent. We may assign to affiliates or in connection with business transfers.

Security Statement

Our Commitment

As a quantum cybersecurity firm, we hold ourselves to the highest security standards and implement defense-in-depth strategies across our operations.

Infrastructure Security

Cloud Architecture: Our platform operates on AWS and Azure infrastructure with multi-region redundancy, automated failover, and continuous monitoring.

Network Security: All network traffic is encrypted in transit using TLS 1.3. Internal networks employ microsegmentation and zero-trust architecture principles.

Access Management: We enforce multi-factor authentication, role-based access controls, and least-privilege principles. Access is reviewed quarterly.

Endpoint Protection: All company devices use enterprise-grade endpoint detection and response (EDR) tools, full-disk encryption, and automated patching.

Data Security

Encryption at Rest: Client data is encrypted using AES-256-GCM with key management through AWS KMS and Azure Key Vault. We are implementing post-quantum cryptographic standards as they become available.

Encryption in Transit: All data transmission uses TLS 1.3 with perfect forward secrecy. Legacy protocols (SSLv3, TLS 1.0/1.1) are disabled.

Key Management: Cryptographic keys are generated using hardware security modules (HSMs), rotated regularly, and never stored in plaintext.

Data Segregation: Client data is logically segregated in our systems. Multi-tenant data is isolated using cryptographic techniques and access controls.

Operational Security

Security Monitoring: We operate a 24/7 Security Operations Center (SOC) with SIEM tools monitoring all systems for anomalies and threats.

Incident Response: We maintain documented incident response procedures tested quarterly through tabletop exercises. Our mean time to detection (MTTD) target is under 15 minutes.

Vulnerability Management: Systems are scanned weekly for vulnerabilities. Critical vulnerabilities are patched within 72 hours; high-severity within 7 days.

Penetration Testing: We conduct annual third-party penetration testing of our infrastructure and applications. Results inform our security roadmap.

Personnel Security

Background Checks: All employees undergo background checks appropriate to their role and jurisdiction.

Security Training: Personnel receive security awareness training quarterly and role-specific training annually. Developers receive secure coding training.

Access Revocation: Access is revoked immediately upon termination. Offboarding procedures ensure all credentials, devices, and data are recovered.

Application Security

Secure Development: We follow secure software development lifecycle (SSDLC) practices with security reviews at each phase.

Code Review: All code undergoes peer review with security-focused checklist items before deployment.

Dependency Management: Third-party libraries are scanned for known vulnerabilities. Critical dependencies are updated within 48 hours of patch availability.

API Security: APIs use OAuth 2.0 with short-lived tokens, rate limiting, input validation, and comprehensive logging.

Compliance and Certifications

Current Status: We maintain controls aligned with SOC 2 Type II, ISO 27001, and NIST Cybersecurity Framework requirements.

Audit Rights: Enterprise clients may request copies of our SOC 2 reports under NDA. On-site audits may be arranged for qualifying engagements.

Regulatory Compliance: We comply with GDPR, CCPA, HIPAA (for healthcare clients), and other applicable data protection regulations.

Business Continuity

Backup Strategy: Data is backed up continuously with point-in-time recovery capability. Backups are encrypted and stored in geographically distributed locations.

Disaster Recovery: Our disaster recovery plan targets 4-hour Recovery Time Objective (RTO) and 1-hour Recovery Point Objective (RPO) for critical systems.

Testing: Business continuity and disaster recovery procedures are tested semi-annually with documented results reviewed by leadership.

Supply Chain Security

Vendor Assessment: Third-party vendors undergo security assessments before engagement. Critical vendors are reassessed annually.

Subprocessor List: We maintain a public list of subprocessors handling client data. Material changes require 30 days notice to clients.

Quantum Threat Preparedness

Post-Quantum Cryptography: We actively monitor NIST post-quantum cryptography standardization and are implementing quantum-resistant algorithms as they are ratified.

Crypto-Agility: Our systems are designed for crypto-agility, enabling rapid algorithm replacement as threats evolve.

Harvest Now, Decrypt Later: We assume adversaries are collecting encrypted data for future decryption with quantum computers and implement mitigations accordingly.

Reporting Security Issues

If you discover a security vulnerability in our systems, please report it responsibly to security@qryptonic.com. We commit to:

  • Acknowledge receipt within 24 hours
  • Provide status updates every 72 hours
  • Resolve confirmed issues within timeframes appropriate to severity
  • Recognize security researchers in our hall of fame (with permission)

We request you do not publicly disclose issues until we have addressed them.

Security Contacts

Chief Information Security Officer
Email: ciso@qryptonic.com
Phone: +1 (888) 2-QRYPTONIC

Security Operations Center
Email: support@qryptonic.com
24/7 Emergency: Available to enterprise clients

Updates to This Policy

We may update this Legal & Privacy page periodically. Material changes will be communicated via email to registered contacts. Continued use of our services after changes take effect constitutes acceptance.

Contact Information

General Inquiries
info@qryptonic.com
+1 (888) 2-QRYPTONIC

Legal Department
legal@qryptonic.com

Privacy Officer
legal@qryptonic.com

Security Issues
legal@qryptonic.com

Mailing Address
Qryptonic LLC
Miami, Florida USA

This legal page was last reviewed and updated on January 2, 2026. Version 2.0