Deterministic by construction.
Defensible by design.
QGI ships into regulated workflows where decisions must be replayed, signed, and defended. This page covers principles, deployment models, data handling, and the compliance roadmap.
Four non-negotiables.
Principle 01
Deterministic by construction
Same inputs and data versions produce identical reasoning graphs. No temperature knob changes the chain you defend.
Principle 02
Inspectable before generation
Seven HSC signals — Relevance, Conflict, Coverage, and more — surface as first-class artifacts before a decision letter is written.
Principle 03
Provenance preserved end-to-end
Every fact, rule, and document carries source, version, and temporal scope. Decisions replay against the rules in force on that date.
Principle 04
License-safe data
Customer data is never used for training without written agreement. Qualtron specialists train on licensed corpora only.
Three ways to run the stack.
Choose a deployment model up-front. Control plane and data plane separation keeps residency and key ownership defensible at audit.
Deployment 01
QGI Managed
QGI-hosted for demos and evaluations. Single-tenant workspace isolation.
- US region; Canada on roadmap
- Encryption in transit and at rest
- Per-workspace encryption keys
- Audit log export (JSON / SIEM)
Deployment 02
Customer VPC
Control plane by QGI; data plane in customer VPC. No regulated data leaves the tenant.
- Customer-owned keys (BYOK)
- Private networking
- Region-pinned to customer policy
- SSO, SCIM, and workspace RBAC
Deployment 03
On-premise / Air-gapped
Full-stack in customer environment for classified, HIPAA-critical, or sovereign data.
- Full data sovereignty
- Customer-driven upgrade cadence
- Offline model cards and replay tooling
- Air-gapped inference support
What we do with your data.
Training
Training
Customer data is never used to train QGI models without explicit written agreement.
Inference
Inference
Prompts and responses stay inside the tenant boundary under VPC and on-prem. Managed retains only per workspace retention policy.
Replay & audit
Replay & audit
Reasoning graphs export as JSON-LD, SIEM, or signed archive for your GRC platform.
Deletion
Deletion
Customer-initiated deletion removes records and reasoning graphs per agreed SLA.
Detailed policy lives in the current Privacy Policy and Terms of Service. Enterprise engagements are governed by a Master Service Agreement and Data Processing Addendum available on request.
What is committed. What is next.
A dated view of where compliance artifacts are today and where they will be when a demo moves to production.
Committed 2026
- SOC 2 Type II audit in progress (report target: Q4 2026)
- Model card and audit export standardization across the stack
- Data Processing Addendum and EU SCCs available on request
- Customer VPC deployment (AWS first, Azure next)
2027 roadmap
- HIPAA readiness for healthcare-vertical engagements
- FedRAMP Moderate path for government-vertical engagements
- ISO 27001 alignment
- On-premise / air-gapped reference deployment
Founder statement · On the record
I hold a PhD in formal verification — the discipline of proving, not hoping, that a system behaves correctly. A regulated decision that cannot be replayed and defended has no business being made by an AI system.
— Dr. Sam Sammane, Co-Founder & Chief Scientist, Quantum General Intelligence Inc.
Evaluating QGI under an AI Governance framework?