Security & Trust

Built for Organisations Where Security, Privacy and Control Are Non-Negotiable

Quantum Sentinel is built on a simple principle: you should never have to compromise your security posture to understand your cryptographic exposure. This page sets out how we handle data, what standards the platform helps you assess against, and how to report a security concern.

Our Data-Handling Model

Quantum Sentinel is deployed on-premises or within your private infrastructure, ensuring your cryptographic metadata never leaves your security perimeter. We also support air-gapped networks and segmented enterprise environments.

Discovery is agentless and read-only by design. Quantum Sentinel collects cryptographic metadata only — it never copies private keys, certificates, sensitive files, or application data.

Standards Alignment

Quantum Sentinel is built to help you assess and plan against the standards your cryptographic exposure is actually measured by.

FIPS 203 (ML-KEM)

NIST's standard for module-lattice-based key encapsulation — the primary post-quantum key-establishment algorithm.

FIPS 204 (ML-DSA)

NIST's standard for module-lattice-based digital signatures.

FIPS 205 (SLH-DSA)

NIST's stateless hash-based digital signature standard, offering a conservative, hash-based alternative.

NIST SP 800-131A

Guidance on transitioning cryptographic algorithm and key-length usage, referenced throughout Quantum Sentinel's exposure scoring.

CNSA 2.0

The NSA's Commercial National Security Algorithm Suite 2.0 timeline for national security systems, used as a business-context reference for migration prioritisation.

Our Own Security Posture

A platform built to help you understand cryptographic exposure should hold itself to the same standard. Quantum Sentinel’s practices are designed with SOC 2 and ISO 27001 principles in mind, and we are evaluating formal certification as the company scales.

Responsible Disclosure

If you believe you’ve found a security vulnerability in Quantum Sentinel’s platform or website, we want to hear from you. Please report it to hello@quantumsentinel.uk with as much detail as possible — we’ll acknowledge receipt and keep you updated as we investigate.

A machine-readable disclosure contact is also published at /.well-known/security.txt, per RFC 9116.

Questions About Our Security Model?

Talk to us about your environment, your compliance requirements, or how Quantum Sentinel deploys in yours.

Scroll to Top