Governance & Policies

Ecosystem legal terms

Please select a tab card below to read our detailed, comprehensive terms of use, privacy policy, cookie compliance, and hybrid licensing guidelines.

Terms

Terms of Use

Comprehensive user agreements & liability disclaimers.

Privacy

Privacy Policy

Strict telemetry ban & local-first client containment.

Tracking

Cookie Policy

Strictly essential session cookies & zero advertising.

Licensing

Open Source Notice

Permissive hybrid, open & proprietary license models.

Terms of Use and Conditions

Last updated: June 2026 — Version 3.0 — Comprehensive Sovereign Ecosystem Agreement

PLEASE READ THESE TERMS OF USE AND CONDITIONS IN THEIR ENTIRETY WITH EXTREME CARE BEFORE ACCESSING, COMPILING, RUNNING, DISTRIBUTING, OR EXECUTE ANY SOFTWARE PRIMITIVES, COMPILER MODULES, RUNTIME LIBRARIES, CRYPTOGRAPHIC DATA STRUCTURES, OR WEB SERVICES PROVIDED BY QXS FOUNDATIONS (THE "FOUNDATION"). BY ACCESSING OUR SUBDOMAINS OR RUNNING OUR CODEBASES, YOU UNCONDITIONALLY AGREE TO BE BOUND BY EVERY PROVISION OF THIS CONTRACT.

Article I: Preamble, Scope & Binding Jurisdictional Thresholds

1.1. Contractual Scope: This comprehensive Terms of Use and Conditions (referred to herein as the "Terms", the "Contract", or the "Agreement") constitutes a binding, enforceable legal contract between you (acting either as an individual independent developer, researcher, systems administrator, student, or builder, or as a fully authorized representative of a corporate entity, academic institution, non-profit organization, or government agency, hereinafter collectively referred to as the "User", "Builder", "Licensee", or "You") and QXS Foundations, an independent computing research initiative dedicated to sovereign digital development (hereinafter referred to as the "Foundation"). This Contract governs your absolute access to, interaction with, downloading of, local compilation of, and deployment of all Foundation Assets, subdomains, and related digital materials.

1.2. Immediate Legal Consent: By accessing any public mirror, navigating any page under the primary domain qxs-foundations.org.in or its audited subdomains (including www, docs, safe, lang, os, wsc, ai, downloads, git), downloading any source zip folders, cloning our Git trees, or running pre-compiled binary releases, you declare and warrant that you possess the full legal authority to enter into this Contract and that you accept every article and clause herein. If you do not accept these Terms in full, you are strictly prohibited from compiling, executing, hosting, or interacting with any QXS code or platform. In such case, you must immediately close all browser tabs, delete all local clones, and purge any related local database volumes or cache files from your machines.

1.3. Ecosystem Autonomy: QXS Foundations operates strictly as a developer-driven, non-corporate computing research collective. The Foundation builds and distributes experimental software tools designed to facilitate localized, client-side, telemetry-free development. This Contract is a mutual commitment to preserve system independence, cryptographic sovereignty, and codebase provenance across the global developer community.

Article II: Comprehensive Definitions of Ecosystem Components

To ensure absolute clarity throughout this Contract, the following capitalized terms shall have the exact definitions set forth below, regardless of whether they appear in singular or plural form:

  1. "Foundation Assets" refers to the complete collection of web directories, subdomains, offline source repositories, codebases, compilers, libraries, runtime environments, blueprints, graphics, trademarks, logos, GPG keys, and pre-compiled binaries managed by the Foundation.
  2. "Sovereign stack" refers to the collection of computing software and hardware concepts designed to run completely under client-side control, strictly avoiding background communication nodes or external telemetry arrays.
  3. "Safe Manager" refers to the local-first cryptographic database utility developed under the safe subdomain for personal and enterprise credential stewardship.
  4. "QXS Lang" refers to the custom policy-driven programming language developed by the Foundation, featuring trinary logic models and intent-aware compilation engines.
  5. "QXS OS" refers to the sovereign operating system kernel and shell architectures under active development by the Foundation.
  6. "Wave State Computer (WSC)" refers to alternative analog-inspired room-temperature computing systems and theoretical architectures under experimental research phases.
  7. "Secure Sandbox" refers to a client-side execution container that isolates running processes from modifying secondary system files or initiating unverified network streams.
  8. "GPG Commit Signature" refers to a cryptographic signature verified against a known public GPG key, confirming the authorship and integrity of a specific source code commit.

Article III: Service Availability & Subdomain Architecture

3.1. Subdomain Provisioning: The Foundation provides access to various subdomain channels designed for research and deployment. Each channel is subject to distinct availability rules:

  • docs.qxs-foundations.org.in (Documentation): Provided as a read-only portal. Contents are updated dynamically as compiler specs and kernel releases evolve. You may copy and reference sample codes freely.
  • safe.qxs-foundations.org.in (Safe Manager): Served as a client-side cryptographic web utility. You are solely responsible for generating, managing, and preserving the master passphrases and Argon2ID key parameters.
  • lang.qxs-foundations.org.in (QXS Lang): Provides interactive previews, policy engine documentation, syntax guides, and waitlist registration layers.
  • os.qxs-foundations.org.in & wsc.qxs-foundations.org.in: Serve strictly as experimental overview portals. Blueprints are for research validation and academic audit only.
  • downloads.qxs-foundations.org.in & git.qxs-foundations.org.in: Mirror release binaries and active Git trees. Availability is subject to public CDN limits and rate-limiting controls.

3.2. No Availability Guarantees: Because the Foundation runs on independent infrastructure, we do not guarantee continuous, uninterrupted access to any subdomain or public mirror. We reserve the absolute right to modify, suspend, throttle, or terminate access to any digital assets at any time to defend against malicious actions or preserve operational integrity.

Article IV: Cryptographic User Identity & Passphrase Custody

4.1. Zero-Profile Mandate: QXS Foundations does not compile, store, or manage user profiles, centralized email lists (except as opted-in for newsletters), login credentials, or server-side user directories. Your identity within the QXS ecosystem is purely cryptographic and client-controlled.

4.2. Master Key Sovereignty: You acknowledge that applications like QXS Safe Manager use Argon2ID key derivation combined with AES-256-GCM encryption entirely within your browser's local memory. The Foundation does not possess, transmit, or back up your master passphrase or decryption keys. You are exclusively responsible for creating robust passphrases, backing up your database files, and preserving recovery parameters. In the event of passphrase loss, you acknowledge that recovery is mathematically impossible and that the Foundation has no technical means to decrypt your credentials.

Article V: Licensing Grants and Permitted Commercial Usage

5.1. MIT/Apache Dual-Licensing Layers: General client libraries, driver layers, system templates, and CSS frameworks are released under the MIT License or the Apache License, Version 2.0. You are granted full rights to modify, integrate, and distribute these modules, provided you preserve all copyright notices and contributor attributes in downstream files.

5.2. Compiler Licensing Restrictions: Core compiler blocks (such as QXS Lang compiler layers) are released under a custom permissive license. You are fully permitted to compile and execute code locally to build commercial applications. However, you are strictly prohibited from wrapping the compiler engine inside a proprietary, closed-source SaaS interface that charges compilation fees while locking developers out of local access. Compilation access must remain sovereign and reproducible on client-side machines.

5.3. Closed-Kernel Research Exclusions: Early-stage operating system cores, Wave State Computer math arrays, and experimental hardware models are read-only for educational and safety audits. You may inspect the code on public mirrors but are strictly prohibited from compiling, distributing, or utilizing these blocks for commercial purposes without securing prior written consent from the Foundation.

Article VI: Compiling Controls and Sandbox Isolation Mandates

6.1. Audit Prerequisite: You agree that compiling source code downloaded from the web carries absolute risk to your hardware, file structures, and local network adapters. You assume sole liability for auditing any pulled repositories before starting a build cycle. The Foundation does not represent that any source code will compile cleanly on all machine configurations.

6.2. Sandbox Mandate: When executing experimental system modules (such as early-stage QXS OS builds or alternate kernel shells), you agree to execute them strictly inside a Secure Sandbox. You agree not to override compile-time security parameters, memory boundaries, or sandboxing flags. Attempting to bypass the compiler's intent-aware safety logic automatically voids your license to use QXS tools.

Article VII: Code Submissions, Provenance & GPG Verifications

7.1. Verifiable Provenance: The Foundation enforces strict supply-chain security. If you submit pull requests, bug fixes, or documentation updates, you warrant that the contribution is your original work and that you possess all intellectual property rights to distribute it under our hybrid license model.

7.2. GPG Signature Requirement: Every code contribution submitted to our Git repositories must be cryptographically signed using a verified GPG key. Commits that are unsigned, fail hash checks, or fail to match a contributor's verified public GPG profile will be automatically rejected from our primary hosting systems.

Article VIII: Prohibited Infrastructure Interference and Malicious Acts

8.1. Prohibited Acts: You explicitly agree that you shall not engage in, assist with, or initiate any of the following malicious activities:

  • Distributed Denial of Service (DDoS): Flooding, socket-exhausting, or otherwise attempting to degrade the server performance of any QXS subdomain or mirror.
  • Malicious Code Injection: Submitting files containing worms, local system trojans, telemetry scripts, or unauthorized tracing hooks to public forums or Git mirrors.
  • Privilege Escalation: Writing custom modules within the QXS ecosystem designed to break out of sandboxed environments or access local files outside of declared directories.
  • Signature Forgery: Forging GPG commit signatures or distributing binary builds falsely claiming to be signed by the Foundation's admin key.

8.2. Defensive Blocks: The Foundation reserves the absolute right to deploy rate-limiters, web application firewalls (WAF), and IP blocking structures to prevent malicious acts. Violating IPs will be permanently blocked from our CDN networks.

Article IX: Third-Party Links & External CDN Disclaimers

9.1. External Outbound Links: The Foundation subdomains may contain links to external third-party sites, repository mirrors, or community forums. These links are provided solely as developer conveniences. The Foundation has zero control over, does not endorse, and assumes no liability for the content, privacy practices, or security postures of any third-party domains.

9.2. CDN Dependency: We use independent content delivery networks (CDNs) to distribute large source zip files and compiled executables. The Foundation does not guarantee the continuous availability or security of these external mirrors, and you access them at your own risk.

Article X: Disclaimer of Warranties

10.1. As-Is Baseline: ALL COMPILER SYSTEMS, SOFTWARE PROGRAMS, RUNTIME UTILITIES, SYSTEM INTERFACES, GRAPHIC DESIGNS, HARDWARE BLUEPRINTS, AND DOCUMENTATION DRAFTS ARE PROVIDED TO YOU ON AN "AS IS" AND "AS AVAILABLE" BASIS, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS, IMPLIED, OR STATUTORY.

10.2. Complete Exclusions: TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE FOUNDATION AND ITS TRUSTEES, SYSTEMS ADMINISTRATORS, DEVELOPERS, AND CO-RESEARCHERS EXPLICITLY DISCLAIM ALL WARRANTIES, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OPERATIONAL RESILIENCE, SYSTEM COMPATIBILITY, COMPILER ACCURACY, AND NON-INFRINGEMENT. WE DO NOT WARRANT THAT CODES WILL COMPILE WITHOUT INTERRUPTIONS, THAT COMPILER DIAGNOSTICS ARE COMPLETELY FREE OF ERROR, OR THAT THE STACK WILL BE COMPATIBLE WITH ALL PAST OR FUTURE SYSTEM STANDARDS.

Article XI: Ultimate Limitation of Liability

11.1. Scope of Damages Excluded: TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL QXS FOUNDATIONS, ITS TRUSTEES, SYSTEM OPERATORS, DEVELOPERS, OR MIRROR PROVIDERS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES WHATEVER. THIS INCLUDES, WITHOUT LIMITATION, DAMAGES FOR LOSS OF DEVELOPMENT DATA, SYSTEM CRASHES, REVENUES DEPRIVATION, REPUTATIONAL INJURIES, UNRECOVERABLE CRYPTOGRAPHIC KEYS, PASSWORD DECRYPTION FAILS, CLOUD STORAGE BREACHES, PROCESS STALLS, SYSTEM DOWNTIMES, OR HARDWARE DEGRADATION, EVEN IF ADVISED IN ADVANCE OF THE POSSIBILITY OF SUCH INJURIES.

11.2. Local Control Standard: Because QXS tools run strictly under your local custody, you assume absolute responsibility for configuring, security-hardening, and maintaining your local machines and storage media. The Foundation's liability is strictly capped at zero. This limitation of liability is a fundamental condition of access to the Foundation's assets, without which they would not be made available to You.

Article XII: Indemnification and Defense Commitments

12.1. Indemnity Obligation: You agree to defend, indemnify, and hold harmless QXS Foundations, its developers, and systems administrators from and against any and all claims, liabilities, system damages, losses, expenses, and reasonable attorneys' fees arising out of your compilation, execution, deployment, or misuse of the software libraries, your violation of these Terms, or your infringement of any third-party intellectual property or privacy rights.

12.2. Legal Costs: In the event of a third-party claim eligible for indemnification, you agree to cover all reasonable legal defense costs. The Foundation reserves the right to assume exclusive control over the defense of any such claim.

Article XIII: Governing Law, Dispute Resolution & Technical Arbitration

13.1. Technical Arbitration: Any dispute, controversy, or claim arising under this Contract, including its formation, validity, breach, or termination, shall be settled exclusively by binding virtual arbitration. The process shall be overseen by an independent three-member technical panel proficient in software architecture, compilation rules, and source licensing schemas, ensuring an objective, expert evaluation of any claims.

13.2. Governing Law: These Terms and all related actions shall be governed by, construed, and enforced in accordance with standard international open-source legal paradigms, without regard to local conflicts of law principles.

Article XIV: Force Majeure and Network Omissions

14.1. Scope of Force Majeure: The Foundation shall not be held liable or responsible for any failure, delay, or interruption of subdomain access or mirror downloads resulting from acts beyond our reasonable control, including but not limited to global internet outages, routing failures, ISP throttling, government censorship, acts of God, war, labor disputes, infrastructure breakdowns, or physical hardware degradation.

Article XV: Severability, Waivers, and Autonomy

15.1. Severability: If any provision, article, or sub-clause of this Contract is deemed unlawful, void, or unenforceable by an authorized technical arbitration panel, that specific provision shall be deemed severed from this Agreement, and its invalidity shall not affect the validity and enforceability of any remaining provisions, which shall continue in full force and effect.

15.2. No Waiver: No failure or delay by the Foundation in exercising any right, power, or remedy under this Contract shall operate as a waiver of that or any other right.

15.3. Autonomy Statement: QXS Foundations remains fully autonomous. We do not accept corporate sponsorships that mandate licensing changes, guaranteeing that the QXS stack will remain sovereign, open, and builder-focused forever.

Privacy Policy and Data Custody

Last updated: June 2026 — Version 3.3 — Core Governance Standard

QXS FOUNDATIONS IS RIGOROUSLY COMMITTED TO A ZERO-TELEMETRY OPERATIONAL STANDARD. WE BELIEVE THAT SOVEREIGN INDEPENDENCE AND COMPLETE SYSTEM PRIVACY BELONG PURELY IN THE HANDS OF THE BUILDER. THIS COMPREHENSIVE PRIVACY POLICY OUTLINES OUR DATA MINIMIZATION PRACTICES, LOCAL CLIENT ENCRYPTION MODELS, AND COMPLIANCE EXPECTATIONS.

Article I: Privacy Preamble & Zero-Telemetry Mandate

1.1. Sovereign Privacy: Modern development platforms, compiler tools, and utility applications actively profile developers by silently monitoring console inputs, logging compiler output errors, parsing local source directories, and transmitting telemetry metadata back to corporate database arrays. QXS Foundations completely rejects this pervasive tracking culture. Your intellectual property and software operations are your exclusive business.

1.2. Categorical Telemetry Ban: All compiler systems, code packages, pre-compiled binaries, desktop utilities, command-line interfaces, and web frameworks developed by the Foundation are completely free of tracing cookies, tracking pixels, crash analytics, phone-home code segments, and telemetry reporting hooks. No user profile is ever created, and no metadata is transmitted to our servers when you build, compile, or run our applications.

Article II: Telemetry Ban and Diagnostic Exclusions

2.1. Zero Reporting: When a QXS compiler (such as QXS Lang) encounters a compilation error or core system crash, the diagnostic feedback loop remains entirely local on your machine. The compiler will write a local error report to your designated console screen or log directory, but will never attempt to package and upload this data to the Foundation. If you wish to seek assistance, you must copy and paste this text manually into an encrypted email thread with support.

2.2. Local Debugging: All testing, benchmarking, and profiling tools developed by the Foundation run exclusively client-side. No background telemetry channels are opened, ensuring that your core developmental workflows, algorithms, and logic remain fully secure and unseen within your local environment.

Article III: Client-First Encryption Architecture & Master Key Custody

3.1. Local Cryptography: Utilities such as QXS Safe Manager encrypt, process, and decrypt database volumes entirely within your machine's local runtime memory space. All cryptographic actions rely on audited, high-precision algorithms, utilizing AES-256 in Galois/Counter Mode (GCM) paired with Argon2ID key derivation parameters. At no point do your unencrypted credentials, passphrases, or master keys leave your local machine.

3.2. Absolute Key Custody: Because QXS Foundations does not host centralized cloud databases, we hold zero backup copies of your credentials, zero database keys, and zero system backdoors. You maintain absolute, exclusive custody of your system passphrases. If you lose your master key or forget your Argon2ID parameters, the Foundation has no technical capacity to assist you in restoring your data. Recovery is mathematically impossible without your local master key.

Article IV: Support Correspondence & rolling 30-Day Purge Rules

4.1. Minimal Communication: When you initiate contact with the Foundation via email (e.g. contact@qxs-foundations.org.in, security@qxs-foundations.org.in), we receive your sending email address and whatever information you choose to include in your message. This data is utilized solely for the purpose of answering your query, debugging reported issues, or evaluating vulnerability reports.

4.2. Purge Rule: All support emails, logs, and attachments are processed through our routing systems and are automatically, permanently deleted within 30 calendar days of resolving the inquiry. No database of email addresses is compiled, and no technical telemetry profiles are ever linked to your support correspondence.

Article V: Server Logging Protocols & Automated Rolling Overwrites

5.1. Infrastructure Security Logs: Our web servers and content delivery networks (CDN) maintain basic network logs strictly to ensure server uptime and prevent DDoS attacks. These server logs record general transaction metadata, including connection timestamps, requested URLs, user-agent indicators, and the request status code.

5.2. Anonymization and Deletion: These logs do not contain personal profiles or tracking identifiers, and the IP addresses are partially masked at the gateway. Security logs are automatically overwritten on a strict, rolling 7-day schedule, preventing the long-term storage of network traffic histories.

Article VI: Data Subject Rights & CCPA/GDPR Compliance Out of the Box

6.1. Compliance through Omission: We comply with all global data protection standards (including the European Union's General Data Protection Regulation - GDPR, the California Consumer Privacy Act - CCPA, and regional guidelines) through the ultimate standard of data omission. Because we do not collect, store, buy, sell, profile, or process your personal data, telemetry records, or behavioral indices, your rights to erasure, access, correction, and portability are satisfied instantly. There is simply no personal database in existence to request access to or deletion of.

6.2. No Profiling: We engage in zero automated decision-making, zero user profiling, and zero cross-site behavioral tracking. Your developer workflow remains fully sovereign and private.

Article VII: Third-Party Integration and Script Exclusions

7.1. No Third-Party Scripts: QXS Foundations completely rejects the use of third-party tracking scripts, analytics cookies, or web beacons. Our subdomains do not host Google Analytics, Hotjar, Facebook Pixel, or any other tracking tools. All styling libraries, interactive scripts, and font layers are served directly from our secure local servers or are bundled locally to ensure that external servers cannot profile your visiting patterns.

7.2. Audit of Public Mirrors: We routinely audit our community mirror repositories and downloads to ensure that no third-party package dependencies silently introduce tracking SDKs, analytics loops, or remote telemetry frameworks.

Article VIII: Auditability, Public Mirroring, and Supply Chain Security

8.1. Source Transparency: The only way to guarantee a zero-telemetry environment is through complete source code auditable transparency. Every line of QXS code is published openly on our Git mirrors, allowing independent developers and security firms to inspect the codebases, verify compilation structures, and guarantee the absolute absence of unannounced data transmission scripts.

8.2. Secure Supply Chain: All official release archives are signed with verified GPG keys. We advise all users to check the cryptographic signature of their downloaded packages to verify that the files have not been intercepted, modified, or loaded with third-party tracking components.

Article IX: System Modifications and Policy Adaptation Standards

9.1. Policy Updates: The Foundation reserves the right to modify this Privacy Policy as new technologies, tools, and subdomains are integrated into the QXS ecosystem. When an update occurs, the date at the top of this document will be updated, and the new version will be published instantly on the legal portal.

9.2. No Policy Dilution: We promise that no future policy update will ever dilute our commitment to a zero-telemetry environment. QXS Foundations will remain sovereign, private, and local-first forever.

Article X: Legal Contacts, Dispute Resolution, and Sovereignty

10.1. Contact Channels: For any privacy-related questions, developer audits, or coordinate reporting, you may reach us directly at: contact@qxs-foundations.org.in.

10.2. Sovereignty: Your data belongs to you. By choosing QXS, you assume complete control over your local security protocols, encryption boundaries, and computing sovereignty. We respect and protect that choice by remaining completely out of your data loops.

Cookie and Session Integrity Policy

Last updated: June 2026 — Version 1.9 — Session Standards

THIS COOKIE POLICY EXPLAINS HOW OUR SUBDOMAINS MAINTAIN MAXIMUM OPERATIONAL PRIVACY BY COMPLETELY BANNING BEHAVIORAL TRACKING AND ADVERTISING COOKIES, RESTRICTING LOCAL SESSION DATA ONLY TO STRICTLY NECESSARY SYSTEM OPERATIONS.

Article I: Preamble and Basic Definitions of Tracking Technologies

1.1. Cookie definition: Cookies are small text files placed on your local browser cache by web servers to store configuration parameters, preferences, and session variables. Local Storage and IndexedDB are client-side database utilities built into modern browsers that allow web applications to retain layout states and configurations locally.

1.2. Tracking Exclusions: QXS Foundations operates under a strict cookie exclusion policy. We believe that developers and builders should be able to read documentation, review products, check timelines, and browse subdomains without having their browser histories tracked, indexed, or commodified by third-party advertising conglomerates.

Article II: Classification of Cookies & Absolute Exclusions

2.1. Essential Session Storage: We only save cookies or local storage states in your browser when they are strictly, technically necessary for the functional operation of the website. These essential storage components do not track you across other websites, do not record your personal information, and cannot be used to profile your computing habits.

2.2. No Marketing Cookies: We strictly do not use, save, or allow marketing cookies, retargeting pixels, social media widgets, or advertising cookies on any QXS domain or subdomain. Your browser memory remains completely free of corporate tracking footprints when you visit our sites.

Article III: Strictly Essential Cookies & System-Defined Storage Bounds

3.1. Essential Parameters: The strictly necessary local storage values saved on QXS domains are limited to:

  • Active Tab States: Storing which document tab you have selected on the legal directory to ensure the active tab remains consistent if you refresh the page.
  • UI Layout Choices: Retaining whether you have expanded or collapsed the mobile navigation menu, preventing the menu from visual glitches during viewport changes.
  • Safe Key Iterations: QXS Safe Manager may utilize local browser session states strictly to perform cryptographic operations (such as holding your active Argon2ID hash in temporary memory only during the active safe session, purging it immediately upon tab closure).

3.2. Auto-Purge: Any essential cookies saved in your browser are session-based and are configured to automatically self-destruct as soon as you close your browser tab or clear your web cache.

Article IV: Complete Ban on Analytical, Behavioral, and Third-Party Pixels

4.1. Analytical Exclusions: We completely exclude Google Analytics, Hotjar, Facebook Connect, DoubleClick, and all other behavioral profiling and analytics platforms. We do not analyze your browsing journey, and we do not compile heatmaps or scroll logs. We believe the best way to protect your privacy is to simply never collect this data in the first place.

4.2. No Social Tracking: We do not integrate active social media share buttons that silently load tracking scripts in the background. All links to public platforms are static HTML elements that do not drop tracking scripts or cookies onto your computer.

Article V: Web Subdomains Auditing & CDN Containment Policies

5.1. Subdomain Audits: The Foundation regularly audits all subdomains (www, docs, safe, lang, os, wsc, ai) to ensure that no developer updates accidentally introduce unauthorized cookies or session logs. All scripts, fonts, and styling elements are audited for strict privacy compliance.

5.2. CDN Isolation: When using content delivery networks to distribute static site assets, we configure our gateways to strip all tracking headers, preventing CDN providers from dropping cookies or logging visitor behavioral profiles.

Article VI: Local Browser Controls, Configuration, and No-Degradation Guarantee

6.1. Browser Controls: You maintain absolute control over your browser security settings. You can choose to block all cookies, clear local storage volumes, or browse our subdomains using privacy-focused browsers or private window modes (Incognito).

6.2. No Degradation: Unlike corporate websites that lock you out or break completely if you reject cookies, QXS Foundations sites are engineered to remain fully functional, lightweight, and accessible even if you block cookies and local storage entirely in your browser settings. You will suffer zero degradation in reading our docs, reviewing our products, or downloading our source archives.

Article VII: Policy Updates, Regulatory Alignments, and Contacts

7.1. Policy Updates: This Cookie Policy may be updated to reflect changes in web standards or system configurations. Any updates will be posted here with an updated version number.

7.2. Legal Inquiries: If you have any questions or require an audit of our cookie-free systems, you may contact our systems administrator at: contact@qxs-foundations.org.in.

Open Source and Licensing Notice

Last updated: June 2026 — Version 4.3 — Primary Licensing Document

QXS Foundations is dedicated to sovereign open or Closed access. Our tools are released under permissive with some restrictions/ open / proprietary licensing, accompanied by clear, public contribution guidelines.

Article I: Hybrid Sovereign Licensing Architecture

1.1. Foundational Purpose: Modern software licensing paradigms are structurally broken. Standard corporate permissive licenses allow massive tech conglomerates to ingest open-source libraries, package them inside proprietary cloud API loops, and restrict developer sovereignty. Conversely, strict copyleft models can stifle enterprise integration and local prototyping. To solve this, QXS Foundations implements a robust, multi-tier hybrid licensing approach: **Sovereign Open or Closed Access**.

1.2. Multi-Tier Classification: To support independent application development while protecting core architectural research from corporate exploitation, the QXS ecosystem is partitioned into distinct licensing categories:

  1. Permissive Open Modules: Basic CLI utilities, local client drivers, document templates, and design schemas are released under highly permissive terms (such as MIT or Apache 2.0 dual licenses), allowing builders to integrate, modify, and distribute these layers with complete freedom.
  2. Permissive with Restrictions: Core compiler blocks (such as QXS Lang compiler modules) and fundamental cryptographic security boundaries are released under custom permissive licenses that mandate absolute source attribution, GPG commit tracing, and restrict remote corporate SaaS packaging without providing local-first compiler execute options to end-users.
  3. Proprietary / Closed Kernels: Early-stage operating system core modules (QXS OS kernels), low-level virtual machine layers, and experimental Wave State Computer (WSC) hardware simulation architectures may utilize proprietary or closed access models. This protects experimental architectural research from intellectual property dilution, ensuring that sovereign hardware and kernel designs remain secure and independent during early maturation phases.

Article II: Foundational Philosophy: Permissive vs Proprietary

2.1. Sovereignty Over Corporate Lock-in: The Foundation believes that open source must serve the individual developer, not just large cloud infrastructure corporations. By selectively employing proprietary licenses on core kernel structures while keeping compilers open and transparent, we prevent massive conglomerates from enclosing the QXS stack. This ensures the survival of an independent ecosystem for small and mid-level application developers.

2.2. Sovereign Balance: This hybrid approach guarantees that the tools you build with remain open, customizable, and free from licensing traps, while the underlying deep-tech research remains shielded from corporate exploitation.

Article III: Permissive Open Modules (MIT/Apache 2.0 Dual License)

3.1. License Grant: The permissive open-source modules of the QXS stack are dual-licensed under the terms of the MIT License and the Apache License, Version 2.0. You may choose either license when modifying or distributing these modules.

3.2. MIT Terms: Permission is hereby granted, free of charge, to any person obtaining a copy of these open-source modules, to deal in the software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the software, subject to preserving the original copyright notice in all copies.

3.3. Apache 2.0 Terms: Subject to the terms and conditions of the Apache 2.0 License, each contributor grants You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright and patent license to reproduce, prepare derivative works of, publicly display, and distribute the Work.

Article IV: Permissive with Restrictions (Intent-Aware Compiler Safety Clauses)

4.1. Intent-Aware Licensing: Core compiler layers (such as QXS Lang modules) are licensed under custom permissive terms containing strict safety and sovereignty restrictions. You are fully permitted to download, compile, modify, and use the compiler locally to build any software applications.

4.2. SaaS Restrictions: You agree not to wrap the compiler engine into a proprietary, paid cloud compiling API that restricts developers from downloading the source code or compiling their codebases locally. If you offer QXS compilation services, you must provide the end-users with the exact compiler configuration files and command-line scripts to reproduce the builds locally on their own hardware.

Article V: Proprietary / Closed Kernels

5.1. Sovereign Hardware Research: Deep hardware simulation blueprints, experimental wave state math arrays, and core OS kernel blocks are protected under proprietary licensing models. Access to these source codes is provided strictly on a read-only, review-only basis through our public git mirrors for security auditing and educational verification.

5.2. Distribution Ban: You are strictly prohibited from compiling, repackaging, or distributing these closed/proprietary modules for commercial purposes without securing prior, explicit written authorization from QXS Foundations' governing board.

Article VI: Public Code Mirroring, Auditing, and Supply-Chain Safety

6.1. Auditable Transparency: Regardless of whether a QXS module is licensed as permissive, restricted, or closed/proprietary, the Foundation publishes every single line of active source code on our public Git mirror repositories (git.qxs-foundations.org.in). We reject security through obscurity, ensuring that independent builders can audit every logic block, verify compilation variables, and guarantee the complete absence of backdoors, telemetry, or hidden tracking scripts.

6.2. Supply Chain Verification: Every official software release is signed using the Foundation's verified GPG key. Builders are advised to cryptographically verify these signatures to guarantee that their local installations exactly match the audited source blocks published on our mirrors.

Article VII: GPG Cryptographic Signatures & Commit Verification Standards

7.1. Strict Signature Rules: To protect the ecosystem against supply chain compromises and code injection attacks, the Foundation enforces a strict GPG commit signature policy. Every commit in our public tree must be cryptographically signed by a verified GPG key linked to an authorized contributor's public profile.

7.2. Automatic Rejection: Any commits that lack a verified GPG signature, contain altered hash chains, or fail our automated container validation checks will be automatically, permanently rejected from our primary git mirror streams.

Article VIII: Contributor License Agreement (CLA) & Intellectual Property Assigns

8.1. Submission of Contributions: When you submit any code, document updates, bug fixes, or architectural proposals to the Foundation, you agree to assign contribution rights under the terms of our Contributor License Agreement (CLA).

8.2. IP Assignment: By submitting a contribution, you grant the Foundation a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright and patent license to reproduce, adapt, compile, and distribute your contributions under our hybrid licensing architecture, while maintaining your personal attribution in the contributor roll.

Article IX: Licensing Arbitration, Rights Enforcement, and Foundation Autonomy

9.1. Licensing Disputes: Any dispute, claim, or copyright inquiry arising under this Licensing Notice shall be submitted exclusively to independent open-source arbitration overseen by a technical audit panel proficient in software licensing, source provenance, and compiler safety systems.

9.2. Autonomy Statement: QXS Foundations remains fully autonomous. We do not accept corporate sponsorships that mandate licensing changes, guaranteeing that the QXS stack will remain sovereign, open, and builder-focused forever.