Overview
Documentation for secure healthcare, diagnostics, and optimization operations.
This documentation surface follows a modern developer-docs structure and covers platform requirements, compliance boundaries, operational controls, and deployment readiness.
Healthcare-ready architecturePolicy-first workflowsOperational guardrailsDeployment governance
Platform model
Compute and execution profile
Model development, training, and benchmark orchestration run on NVIDIA GPUs and Pasqal QCs (quantum computing systems), with workload routing selected by task profile, queue health, and validation requirements.
Public documentation focuses on operating expectations and compliance framing while protecting implementation safety and proprietary controls.
Program statement
Confidentiality-safe program positioning
The statement below is provided for legal and compliance context while preserving proprietary implementation confidentiality.
- NEXQ and LuxLeaf AI are engineering what they define as the world's first end-to-end, full-stack, hybrid-quantum-encrypted and hybrid-quantum-powered PACS web and mobile application for 3D segmentation and characterization of solid tumors, starting with brain.
- The program scope includes full diagnostics support with treatment-plan orchestration and 3D treatment-visualization workflows showing where and how treatment is planned to occur within secure role-bounded interfaces.
- This public documentation statement is intentionally high-level and does not disclose non-public architecture, cryptographic implementation specifics, model internals, or proprietary pipeline design.
- All clinical outputs remain decision-support artifacts and require licensed professional review, institution-level governance, and legal/regulatory controls before production use.
Compliance
Compliance and legal requirements
NEXQ documentation is structured for legal, security, and operations review before production onboarding.
Healthcare privacy baseline
HIPAA-aligned operations
Role-based access, minimum-necessary handling, audit trail visibility, and controlled release workflows are built into operational patterns.
Cross-region policy posture
GDPR-aligned controls
Data lifecycle handling supports access, correction, retention, and deletion request pathways with accountable policy checkpoints.
Human-in-the-loop requirement
Clinical and medical-use boundaries
Outputs are decision-support signals and must be reviewed by licensed professionals under applicable clinical, legal, and institutional policy.
Enterprise implementation gate
Contract and governance alignment
Production use requires contractual controls, security review, approved access scopes, and institution-specific legal acceptance.
Security controls
Security control baseline
Security controls combine identity governance, transport protection, audit readiness, and controlled release boundaries.
Identity and access boundaries
Role-scoped authentication, forced re-authentication pathways, and session lifecycle controls reduce unauthorized access risk.
Transport and envelope safeguards
Security posture requires TLS transport protections and encrypted data lanes for sensitive workflow operations.
Audit and traceability signals
Sign-in events, route access, and high-risk actions are designed to be observable for governance and forensic review.
Controlled release boundaries
Operational exports and disclosures are expected to pass policy checkpoints before release.
Deployment requirements
Production deployment checklist
Organizations integrating NEXQ should complete these requirements before go-live.
- TLS 1.2+ transport security and strict origin policy enforcement
- Authenticated, role-scoped access with session timeout and forced re-authentication handling
- Audit logging for sign-in, access changes, sensitive workflow actions, and export activity
- Documented data retention windows and legal hold controls
- Operational incident response process with defined escalation contacts
- Documented HIPAA/GDPR policy ownership with institutional governance sign-off
- Ongoing monitoring for uptime, latency, and security configuration drift
Governance
Clinical, legal, and disclosure governance
NEXQ provides encrypted and role-aware systems. Organizations remain responsible for legal review, clinical governance, and policy adoption in their own jurisdiction.
- Designate a compliance owner and incident commander before production release.
- Define approved use boundaries for diagnostics, oncology, cardiovascular, and optimization workflows.
- Establish retention and deletion controls per legal and contractual requirements.
- Require human review for medical and operational decisions that affect patient care.
- Publish client-facing disclaimers and obtain organization-level legal acceptance.
Legal controls
Enterprise legal and compliance control baseline
Production use should include documented legal controls that align with privacy obligations, security governance, and regulated healthcare workflows.
- Business Associate Agreement (BAA) and Data Processing Agreement (DPA) execution before handling protected production datasets.
- Least-privilege user provisioning with role review and documented access recertification intervals.
- Documented breach/incident escalation workflow with legal and compliance notification ownership.
- Change-control records for security-impacting releases, including rollback and evidence retention requirements.
- Policy acknowledgements for forced logout behavior, interruption risk, and human clinical review responsibility.
- Repository and distribution compliance with the NEXQ proprietary license prior to any implementation, internal fork, or redistribution.
Policy lifecycle
Policy change management and publication controls
NEXQ policy and legal documentation updates are managed as controlled releases with verification, traceability, and confidentiality protections.
- Policy revisions follow change-control gates with legal, security, and operations owner sign-off before release.
- Major documentation or policy updates run through an eight-pass consistency and integration loop before publication.
- Public-facing policy statements are confidentiality-safe and exclude non-public cryptographic, model, and infrastructure internals.
- Material changes require updated effective dates, revision traceability, and linked references across privacy, documentation, and workspace notices.
IP and licensing
Intellectual property and licensing posture
NEXQ maintains a proprietary licensing posture for protected platform IP, while respecting the independent rights of partner and third-party organizations.
- TumorQ, LiMiQ, HeartQ, and related source materials are proprietary to NEXQ and/or its licensors unless explicitly stated otherwise in writing.
- Third-party logos, names, trademarks, service marks, and brand assets remain the property of their respective owners.
- No implied license is granted by website access, documentation access, API access, or workspace access.
- Any permitted use must remain bounded by executed agreements, applicable law, and policy-governed release controls.
Operations
Operational runbook and support boundaries
This page is a technical and policy overview and does not replace legal counsel, regulatory assessment, or licensed medical judgment.
Infrastructure profile
Model development and benchmark orchestration run on NVIDIA GPUs and Pasqal QCs, with task routing selected by queue health and validation requirements.
Runtime reliability
Production operations target controlled latency envelopes, graceful degradation, and guarded release checks before deployment.
Security reporting
Security or privacy concerns should be reported through official contact channels for triage and response coordination.
Documentation scope
Public documentation intentionally excludes proprietary implementation details while preserving legal and operational clarity.
