We are a quantum security company. We hold ourselves to the highest standards — post-quantum cryptography deployed in production from day one.
All API results and infrastructure communications are signed with ML-DSA-65 — the highest tier post-quantum digital signature algorithm standardised by NIST in August 2024.
Four-layer defence: PQC bastion pool → WireGuard mesh → origin compute → encrypted data tier. Origin servers never appear in DNS or port scans. Cloudflare intentionally excluded to protect our PQC brand.
14-layer security across all 16 nginx vhosts. HMAC-SHA256 cookie signing, JA4 browser fingerprinting, rate limiting, automated threat detection.
Found a vulnerability? We take security seriously. Report to security@qmumma.com. We acknowledge within 24h, patch within 72h for critical issues, and credit researchers who report responsibly.
ML-DSA-65 public key available at https://qmumma.com/.well-known/mldsa65_pk.bin — independently verify any Q-MUMMA signature.