QGI Logo QGI
Trust

Deterministic by construction.
Defensible by design.

QGI ships into regulated workflows where decisions must be replayed, signed, and defended. This page covers principles, deployment models, data handling, and the compliance roadmap.

Principles

Four non-negotiables.

Principle 01

Deterministic by construction

Same inputs and data versions produce identical reasoning graphs. No temperature knob changes the chain you defend.

Principle 02

Inspectable before generation

Seven HSC signals — Relevance, Conflict, Coverage, and more — surface as first-class artifacts before a decision letter is written.

Principle 03

Provenance preserved end-to-end

Every fact, rule, and document carries source, version, and temporal scope. Decisions replay against the rules in force on that date.

Principle 04

License-safe data

Customer data is never used for training without written agreement. Qualtron specialists train on licensed corpora only.

Deployment models

Three ways to run the stack.

Choose a deployment model up-front. Control plane and data plane separation keeps residency and key ownership defensible at audit.

Deployment 01

QGI Managed

QGI-hosted for demos and evaluations. Single-tenant workspace isolation.

  • US region; Canada on roadmap
  • Encryption in transit and at rest
  • Per-workspace encryption keys
  • Audit log export (JSON / SIEM)

Deployment 02

Customer VPC

Control plane by QGI; data plane in customer VPC. No regulated data leaves the tenant.

  • Customer-owned keys (BYOK)
  • Private networking
  • Region-pinned to customer policy
  • SSO, SCIM, and workspace RBAC

Deployment 03

On-premise / Air-gapped

Full-stack in customer environment for classified, HIPAA-critical, or sovereign data.

  • Full data sovereignty
  • Customer-driven upgrade cadence
  • Offline model cards and replay tooling
  • Air-gapped inference support
Data handling

What we do with your data.

Training

Training

Customer data is never used to train QGI models without explicit written agreement.

Inference

Inference

Prompts and responses stay inside the tenant boundary under VPC and on-prem. Managed retains only per workspace retention policy.

Replay & audit

Replay & audit

Reasoning graphs export as JSON-LD, SIEM, or signed archive for your GRC platform.

Deletion

Deletion

Customer-initiated deletion removes records and reasoning graphs per agreed SLA.

Detailed policy lives in the current Privacy Policy and Terms of Service. Enterprise engagements are governed by a Master Service Agreement and Data Processing Addendum available on request.

Compliance roadmap

What is committed. What is next.

A dated view of where compliance artifacts are today and where they will be when a demo moves to production.

Committed 2026

  • SOC 2 Type II audit in progress (report target: Q4 2026)
  • Model card and audit export standardization across the stack
  • Data Processing Addendum and EU SCCs available on request
  • Customer VPC deployment (AWS first, Azure next)

2027 roadmap

  • HIPAA readiness for healthcare-vertical engagements
  • FedRAMP Moderate path for government-vertical engagements
  • ISO 27001 alignment
  • On-premise / air-gapped reference deployment
Founder statement

Founder statement · On the record

I hold a PhD in formal verification — the discipline of proving, not hoping, that a system behaves correctly. A regulated decision that cannot be replayed and defended has no business being made by an AI system.

— Dr. Sam Sammane, Co-Founder & Chief Scientist, Quantum General Intelligence Inc.

Evaluating QGI under an AI Governance framework?

Partner with QGI