Security & Compliance
AI PQC Audit is built with enterprise security, control mappings, and customer data protection in mind. Our platform aligns to recognized frameworks and follows NIST-recommended cryptographic practices, with transparent data handling and strong operational safeguards designed for regulated environments.
Control Alignment & Mappings
We maintain documented mappings to NIST SP 800-53 Rev. 5 (Moderate) control families and provide control references to accelerate enterprise reviews, internal audits, and ATO workflows. Our exported reports include control IDs to streamline evidence gathering for security teams.
Cryptography & Transport
Cryptographic choices follow NIST recommendations. Data in transit uses TLS 1.2+ with modern cipher suites (e.g., AES-256-GCM, ECDHE). Data at rest is encrypted using AES-256, with keys managed in hardened services. We rotate secrets regularly and support customer key rotation schedules where applicable.
Data Handling & Retention
We collect the minimum data required to provide the service. Customer uploads are stored in encrypted storage, scoped to your tenancy. Retention settings are configurable; exports (CSV/PDF/JSON) are deleted on a schedule you control or upon request. A Data Processing Addendum (DPA) is available for enterprise customers.
Access Management & Operations
Access is role-based and logged. Administrative actions are monitored and auditable. We operate with least-privilege, enforce MFA for internal staff, and maintain secure software development practices including code review, dependency scanning, and vulnerability management. Production access is restricted and monitored.
Vulnerability Management
We continuously monitor for vulnerabilities and prioritize remediation using the CISA KEV catalog (known exploited vulnerabilities), CVSS (severity), and EPSS (exploitation likelihood). Coordinated disclosure is supported; see the Security section of our FAQ for how to report a finding.
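The triage order described above can be implemented as a simple sort key. The following is an added illustration, not code from the AI PQC Audit platform: the ordering (KEV listing first, then EPSS probability, then CVSS score), the remediation windows in `sla_days`, and the sample findings with placeholder CVE identifiers are all assumptions made for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    """One vulnerability finding with the three signals used for prioritization."""
    cve_id: str      # placeholder identifier in the samples below, not a real advisory
    cvss: float      # CVSS base score, 0.0 to 10.0 (severity)
    epss: float      # EPSS probability, 0.0 to 1.0 (likelihood of exploitation)
    in_kev: bool     # True if listed in the CISA KEV catalog (known exploited)


# Constructed sample data; the CVE ids are placeholders, not real vulnerabilities.
SAMPLE_FINDINGS = [
    Finding("CVE-0000-0001", cvss=9.8, epss=0.02, in_kev=False),
    Finding("CVE-0000-0002", cvss=7.5, epss=0.91, in_kev=False),
    Finding("CVE-0000-0003", cvss=6.1, epss=0.15, in_kev=True),
    Finding("CVE-0000-0004", cvss=4.3, epss=0.01, in_kev=False),
]


def validate(f: Finding) -> None:
    """Reject out-of-range scores so a bad feed cannot silently skew the ordering."""
    if not 0.0 <= f.cvss <= 10.0:
        raise ValueError(f"{f.cve_id}: CVSS {f.cvss} outside 0-10")
    if not 0.0 <= f.epss <= 1.0:
        raise ValueError(f"{f.cve_id}: EPSS {f.epss} outside 0-1")


def priority_key(f: Finding) -> tuple:
    # Assumed ordering: anything known to be exploited outranks everything else,
    # then the most likely-to-be-exploited, then the most severe.
    return (f.in_kev, f.epss, f.cvss)


def triage(findings: list[Finding]) -> list[Finding]:
    """Return findings ordered from most to least urgent."""
    for f in findings:
        validate(f)
    return sorted(findings, key=priority_key, reverse=True)


def sla_days(f: Finding) -> int:
    """Assumed remediation window in days for a finding (example thresholds only)."""
    if f.in_kev:
        return 2
    if f.epss >= 0.5 or f.cvss >= 9.0:
        return 7
    if f.cvss >= 7.0:
        return 30
    return 90


def triage_report(findings: list[Finding]) -> list[tuple[str, int]]:
    """(cve_id, remediation window) pairs in priority order."""
    return [(f.cve_id, sla_days(f)) for f in triage(findings)]


if __name__ == "__main__":
    for cve, days in triage_report(SAMPLE_FINDINGS):
        print(f"{cve}: fix within {days} days")
```

Note that the KEV-listed finding with a mid-range CVSS score lands at the top, ahead of the CVSS 9.8 finding with a low EPSS probability; that is the point of combining the three signals rather than sorting on severity alone.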
Privacy & Regulatory Support
We provide features and documentation that help customers meet obligations under GDPR and CCPA/CPRA, including request handling and data export/delete workflows. Our teams follow secure data lifecycle practices and can share artifacts under NDA upon request.
Audit Readiness
Our controls are designed to meet the SOC 2 Trust Services Criteria for Security, Availability, and Confidentiality. Control descriptions and evidence snapshots can be shared with customers under NDA for vendor risk assessments and security reviews.
Documents & Requests
- Control mappings (NIST SP 800-53 Rev. 5) — available upon request
- Data Processing Addendum (DPA)
- Product security overview & architecture notes
- Uptime & service endpoints (including /healthz)
To request documents under NDA, contact Security & Compliance.
Live Compliance Dashboard
Access our executive compliance dashboard showing control coverage, gaps, and evidence status in real time.
Compliance dashboard available to admin users after login