AI you can explain, defend, and audit — by design.
JAQL builds for banks, defence and government, where every AI decision must be explainable to a regulator, supervised by a human, and provable after the fact. Responsible AI isn't a policy we bolted on — it's how the products are engineered. Every JAQL product ships with its own Security Assessment Report.
Honesty rule
- In place — operating today (e.g. human-in-the-loop design, audit logging, product Security Assessment Reports).
- Aligned to — architected to the standard's controls; not yet certified.
- In progress — certification actively being pursued. Never claimed as held.
Five guarantees, each built into the product — not promised on a slide.
Explainable by design
Every decision carries a plain-English, human-readable reason a regulator, board or court can follow. No black boxes.
Human always in the loop
No JAQL system takes an autonomous action on a high-stakes decision. The system flags; a qualified human decides.
Auditable end to end
Every inference is logged with a full audit trail, retained inside the client's own infrastructure and accessible to their governance team at any time.
Sovereign by default
Data never leaves the client's premises — cloud, on-premise, or air-gapped. Aligned to India's DPDPA, the Gulf's NESA and data-residency rules, the EU's GDPR.
Bias-monitored and reviewed
Continuous bias monitoring across demographic, cultural and linguistic dimensions; outputs reviewed against recognised AI-ethics principles (OECD AI Principles).
Every product carries a Security Assessment Report.
Unlike vendors who present a single security policy, each JAQL product carries its own Security Assessment Report (SAR) documenting its security posture, controls and risk profile. SARs are available to qualified government and defence evaluators under NDA as part of a tender response.
Where a SAR is still being finalised, it is explicitly labelled "SAR in progress" in the tender response — never implied otherwise.
Mapped to the frameworks your tender scores against.
Status is set conservatively. "In progress" reflects a credible, funded roadmap; it is never upgraded without evidence.
| Framework | Status | Note |
|---|---|---|
| DPDPA (India) | In place | Data residency and consent by design across deployments. |
| CERT-In reporting readiness | Aligned to | Incident-reporting playbooks and log retention follow CERT-In direction. |
| RBI / SEBI / IRDAI IT governance | Aligned to | Banking and insurance products architected to sectoral IT-governance controls. |
| NIST CSF & NIST PQC (FIPS 203 / 204 / 205) | Aligned to | Crypto-agility roadmap built on NIST-standardised PQ algorithms. |
| ISO/IEC 27001 | In progress | Information security management system implementation underway. |
| SOC 2 | In progress | Trust services criteria readiness underway. |
| GDPR (EU) | Aligned to | Lawful basis, DPIA support and data-subject rights handling. |
| Gulf: NESA / PDPL / data residency | Aligned to | Sovereign deployment for UAE and KSA engagements. |
| OECD AI Principles / Responsible AI | Aligned to | Transparency, accountability and human oversight built into product design. |
We protect the people who run the system, too.
JAQL's governance extends to the humans in the loop. Our cognitive-load monitoring — the StressTrace Heimdall model — watches for fatigue and overload in analysts, clinicians and operators (the human conditions that precede costly errors) and routes work intelligently to keep teams sharp. Governance that protects citizens and the staff who serve them.
Building a tender? Let's give your evaluators what they need.
Governance documentation, SARs under NDA, and framework mapping — provided as part of any government or defence engagement.
Data Subject Access Request (DSAR) procedure
JAQL honours data-rights requests under India DPDP Act 2023 (Data Principal rights), EU GDPR (Articles 15–22), EU DORA, and aligned with the NIST Privacy Framework (USA). This procedure applies to personal data we control as a data fiduciary / controller.
1. Who can request
Any Data Principal / data subject whose personal data JAQL processes — including website visitors, newsletter subscribers, demo-form leads, and authorised representatives acting on their behalf.
2. Rights you can exercise
- Access — a copy of the personal data we hold about you and the purposes of processing.
- Correction — rectify inaccurate or incomplete data.
- Erasure — deletion where the data is no longer necessary or consent is withdrawn.
- Restriction & objection — limit or object to specific processing.
- Portability — receive data in a structured, machine-readable format.
- Withdraw consent — at any time, without affecting prior lawful processing.
- Nominate — appoint another person to exercise rights on your behalf (DPDP §14).
- Grievance redressal — escalate to our Grievance Officer before contacting the Data Protection Board of India or your EU supervisory authority.
3. How to submit a request
Email nupur@jumpstartquantumlabs.org with subject line "DSAR Request", or use the form at /privacy.html#data-rights. Include: (a) your full name and the email/identifier used with JAQL; (b) the right you wish to exercise; (c) the scope (specific data, time period or all data); (d) preferred delivery format; (e) if acting for another person, written authorisation.
4. Identity verification
To prevent fraudulent disclosure we verify identity using the email of record and, where the request is high-risk (deletion, portability of sensitive data), one additional signal — a confirmation reply from a second contact channel or a government-issued ID redacted to name + photo. Verification material is destroyed once the request is closed.
5. Timelines
- Acknowledgement: within 72 hours of receipt.
- Resolution: within 30 days (DPDP / GDPR Article 12(3)). Complex or high-volume requests may be extended by a further 60 days with written reasons.
- Unsubscribe / consent withdrawal: within 7 days.
6. Fees
DSAR responses are free of charge. A reasonable fee may apply only to manifestly unfounded, excessive or repetitive requests (GDPR Article 12(5)), or for additional copies, and will be communicated before any work is performed.
7. Refusal & appeal
We may refuse a request where it is manifestly unfounded, infringes another person's rights, conflicts with a legal obligation, or where identity cannot be verified. We will tell you the reason and your appeal options.
8. Escalation
Grievance Officer: Dr. Nupur Mukherjee — nupur@jumpstartquantumlabs.org. If you are dissatisfied, you may escalate to the Data Protection Board of India (DPDP Act 2023, §27), to your EU/EEA supervisory authority (GDPR Article 77), or to the relevant authority in your jurisdiction.
9. Record & audit
Every DSAR is logged with timestamp, requestor, scope, verification outcome, decision, response artefact and SLA metric. Logs are retained for 24 months for regulator audit and then deleted.