Navigate Trust Centre

Trust Centre

Last updated:

Our compliance posture, legal framework, and data practices — stated plainly. This is the authoritative reference for anyone who needs to understand how QSECDEF operates as an institution.

Compliance Posture

UK GDPR EU GDPR DSA (N/A) EU AI Act IPSO (voluntary) Reuters Trust (voluntary) ePrivacy Art 28 GDPR

Full detail: Compliance Posture

What QSECDEF is — and what it is not

QSECDEF is an independent professional membership organisation for practitioners, researchers, and organisations working in quantum security and post-quantum cryptography. It operates as a platform for open professional exchange.

QSECDEF does not endorse, certify, or warrant any product, service, technology, or methodology discussed on this platform. Content published here does not constitute legal, financial, regulatory, or commercial advice. Members act on their own professional judgement and due diligence.

Read the full Disclaimer

Trust Centre sections

Reference standards

QSECDEF references these standards in its editorial and compliance practices. This is not a certification list.

  • NCSC UK — National Cyber Security Centre guidance on post-quantum cryptography and responsible AI use.
  • ICO — UK Information Commissioner's Office. UK GDPR transparency and data subject rights principles.
  • ETSI ISG QSC — European Telecommunications Standards Institute, Quantum Safe Cryptography.
  • ENISA — European Union Agency for Cybersecurity. Post-quantum transition guidance.
  • IPSO Editors' Code — Voluntary adoption. Clause 1 (Accuracy) and Clause 2 (Privacy).
  • Reuters Trust Principles — Voluntary alignment. Editorial integrity, independence, and freedom from bias.

AI-assistance disclosure

QSECDEF uses AI tools to assist with research synthesis, drafting, and editorial quality review. AI does not replace expert human judgement on any published analysis or recommendation.

Quantum Security Defence uses AI-assisted tooling in its content production and research pipeline. This tooling is used to enhance editorial efficiency and quality review. It does not generate authoritative positions on quantum security matters autonomously. All published positions represent the considered view of QSECDEF's expert community and editorial team, consistent with EU AI Act Article 50 transparency obligations.

Data privacy contact

Steven Vaile — EU Data Privacy, QSECDEF Director.
EU data subjects may contact Steven via LinkedIn. QSECDEF responds within one calendar month consistent with EU GDPR Article 12(3).

For data subject access requests: info@qsecdef.com

EU Representative (Article 27 GDPR): WhizWang.com SAS, 1 Avenue du Pompadour, 19230, France (SIREN 835217803). EU data subjects may contact the EU Representative at the registered address above.

Change log

Trust Centre launched. Disclaimer, Compliance Posture, Sub-processors published. Single /trust/ destination replacing 7 /legal/* pages.
Compliance posture updated to three-state matrix. ICO registration reference C1938715 confirmed as application in process.
Sub-processor list updated: Mighty Networks EU DPA flagged as in progress (later confirmed in force — see 2026-05-21 entry). F1-F4 details requested from provider.
Major update: Mighty Networks EU DPA confirmed in force (EU SCCs Module 2 — Controller-to-Processor, effective 1 September 2025). F1-F4 operational details confirmed: plan tier Business; SOC 2 Type II; AWS region US East (Virginia / DC metro); member data export supported via sub-processor tooling. Disclaimer preamble expanded to four points (adds "Open community" — members' code of conduct). Compliance and sub-processor pages updated with full SCC, supervisory authority, and provider operational facts. Members Code of Conduct published at /trust/member-charter/ — the document the disclaimer commits to. Footer cookie + privacy policy links repointed to Trust Centre.
Your Data Rights page published at /trust/data-rights/ — including Brevo removal mechanism, Mighty Networks cancellation walkthrough, full system inventory, and the anonymised-data carve-out under UK GDPR Article 4(5). Refund Policy page published at /trust/refund-policy/ — seven-day money-back guarantee, EU and UK fourteen-day statutory cancellation rights, and refund rate of less than 1% of transactions published openly. Footer Trust Centre column extended; sidebar gains "Your Rights" section. Self-service Brevo deletion form being built in parallel and will replace the email mechanism in section 2.1 when shipped.
Customer and Speaker Logo Use policy published at /trust/logo-use/ — opt-out at any time; immediate takedown on request from any company officer; up to 90 days for re-instatement if the takedown was reported in error. Linked from Trust Centre nav cards, sidebar, and footer.
Information about third-party subjects clause added to the Disclaimer (section f.1). Establishes that QSECDEF does not warrant the accuracy of information about listed companies and other Third-Party Subjects; reliance is at the visitor's own risk; corrections accepted at info@qsecdef.com; suppliers warrant accuracy on submission and indemnify QSECDEF against claims arising from their submissions. Micro-disclaimer mirrored on every /companies/{slug}/ page footer.