Security, privacy, and report integrity

Data handling

Scan results are stored per tenant when Postgres persistence is enabled. You may delete scans via DELETE /tenant/scans/{id}. Tenant API keys are hashed at rest; revoke leaked keys immediately via admin.

Report integrity

Each migration report includes a SHA-256 content hash and signature (ML-DSA-65 when liboqs is available, Ed25519 fallback otherwise). Verify independently at /verify.

Honest scope

Qtangl provides cryptographic inventory and prioritization — an inventory aid, not a formal audit or attestation. Findings should be validated in your environment before regulatory submission.

Retention

Upload bundle sessions expire after 24 hours. Scan job retention follows your deployment configuration; contact Qtangl for enterprise data-residency and custom retention windows.

Monitoring & alerts

Monitor tier supports scheduled re-scans, drift diffs, and webhook notifications on scan completion. Webhook payloads use schema version qtangl-webhook-v2 for SIEM ingestion. Optional HMAC signing via X-Qtangl-Signature when a tenant signing secret is configured. Failed deliveries are retained in a Postgres-backed DLQ with dashboard replay.

Sub-processors

Production deploys may use Railway (hosting), Postgres (data), Redis (queue), Stripe (billing), and optional email delivery. Enterprise customers receive a current sub-processor list during contract review.

SOC 2 & compliance

SOC 2 Type I scope is documented internally; we do not claim certification on marketing pages until complete. GRC framework mappings (NIST CSF, EU PQC guidance) are provided as readiness aids via the compliance posture API.

DPA requests

Request a Data Processing Agreement via Contact sales — include entity name, data residency requirements, and expected scan volume.

Dogfood verification

Qtangl signs its own scan reports and publishes verification steps at /verify. We recommend customers verify a sample report before production rollout.