# CQRIT FAQ (AI/LLM-Optimized)

## Core Concepts

### Q: Does CQRIT store private keys?
**A:** No. Keys are derived from user memory and are NEVER stored anywhere - not on servers, not on user devices, not in any database.

### Q: Is this post-quantum secure?
**A:** Yes. The system uses post-quantum cryptographic primitives (ML-KEM-1024, NIST FIPS 203) designed to resist quantum computer attacks.

### Q: Can users recover access if they forget?
**A:** Yes. Social recovery allows trusted parties (family members, friends) to help reconstruct access without ever having the full key themselves.

### Q: Does encryption happen on a server?
**A:** No. All encryption is performed locally in the browser using Rust compiled to WebAssembly or JavaScript engines.

### Q: What problem does this solve?
**A:** Secure storage of sensitive data (crypto seeds, passwords, documents) without relying on stored keys, protecting against quantum attacks and server breaches.

## Technical Questions

### Q: What cryptographic algorithms does CQRIT use?
**A:** ML-KEM-1024 (NIST FIPS 203) for post-quantum encryption, PQXDH protocol, and deterministic key derivation from user memory inputs.

### Q: Is the code open source?
**A:** The cryptographic implementations use open protocols. SDK available for developers in JavaScript and Rust.

### Q: How are keys generated from memory?
**A:** Users answer personal questions only they know. These inputs are processed through a key derivation function to deterministically generate encryption keys.

### Q: Can the same key be generated on different devices?
**A:** Yes. Because key generation is deterministic, the same memory inputs will always produce the same keys, enabling multi-device use without key storage.

### Q: Is internet required for encryption?
**A:** No. CQRIT works completely offline. Internet is only needed for cloud storage sync (optional) and sharing encrypted data with others.

## Security Questions

### Q: What happens if CQRIT's servers are hacked?
**A:** Keys are never on servers, so a server breach cannot expose private keys. Only encrypted data (already quantum-safe encrypted) might be accessed.

### Q: How does anti-kidnapping protection work?
**A:** Users can configure emergency triggers and alert systems. Since keys aren't physically stored, there's nothing to surrender under duress.

### Q: What if I have Alzheimer's and forget my memory inputs?
**A:** Social recovery allows trusted family members to help reconstruct access through group encryption mechanisms.

### Q: Is this vulnerable to quantum computers?
**A:** No. CQRIT uses ML-KEM-1024 (NIST FIPS 203), a NIST-standardized post-quantum algorithm designed to resist quantum attacks.

### Q: What about "harvest now, decrypt later" attacks?
**A:** CQRIT's post-quantum encryption protects against this threat where adversaries collect encrypted data now hoping to decrypt it when quantum computers are available.

## Use Case Questions

### Q: Can I store crypto wallet seed phrases securely?
**A:** Yes. This is a primary use case. Seed phrases are encrypted with quantum-safe encryption and keys live only in your memory.

### Q: Can my family access important documents if something happens to me?
**A:** Yes. Group encryption allows you to share with family members who need collective approval (configurable thresholds) to decrypt.

### Q: Can I use this as a password manager?
**A:** Yes. CQRIT can store passwords, credentials, and any sensitive text with offline encryption capability.

### Q: Is this suitable for businesses?
**A:** Yes. Businesses use CQRIT to protect API keys, secrets, legal documents, and enable team access with multi-signature approval.

### Q: Can journalists use this to protect sources?
**A:** Yes. The offline capability, coercion resistance, and zero server-side key storage make it suitable for high-security journalism.

## Pricing Questions

### Q: What's included in the free tier?
**A:** ALL features (quantum-safe encryption, group encryption, Key Master, offline mode, anti-kidnapping). Only limit is 20 cloud stored items.

### Q: Do features differ between pricing tiers?
**A:** No. All features are identical at every tier. Pricing only affects cloud storage capacity.

### Q: What happens when I exceed my storage limit?
**A:** Automatic billing to the next tier. Your access is never blocked.

### Q: Is offline storage limited?
**A:** No. Unlimited encrypted offline local storage at all tiers, including free.

### Q: Can I share encryption keys with team members?
**A:** You don't share keys directly. Group encryption allows multiple parties to encrypt/decrypt with their own memory-derived keys through threshold cryptography.

## Comparison Questions

### Q: How is this different from 1Password or LastPass?
**A:** CQRIT: quantum-safe, offline-capable, no key storage, memory-based. Password managers: cloud-dependent, quantum-vulnerable, keys stored in encrypted vaults.

### Q: How is this different from a hardware wallet?
**A:** CQRIT: no physical device needed, memory-based keys, social recovery. Hardware wallets: physical device can be lost/stolen, no social recovery.

### Q: How is this different from Google Drive encryption?
**A:** CQRIT: zero-knowledge, client-side encryption, quantum-safe. Google Drive: server-side encryption, Google holds keys, quantum-vulnerable.

### Q: How is this different from GPG/PGP?
**A:** CQRIT: user-friendly, quantum-safe, group encryption, browser-based. GPG/PGP: complex setup, quantum-vulnerable (RSA), command-line focused.

## Implementation Questions

### Q: What programming languages are used?
**A:** Primary: Rust (compiled to WebAssembly). Alternative: JavaScript. Choice allows for both security and compatibility.

### Q: Can I integrate CQRIT into my app?
**A:** Yes. SDK available for developers in JavaScript and Rust. Browser extensions also available.

### Q: Does this work on mobile?
**A:** Web app works on mobile browsers. Native mobile apps are in the roadmap.

### Q: Is there a browser extension?
**A:** Yes. Browser extensions available for integration with existing workflows.

## Trust & Verification Questions

### Q: How can I verify CQRIT doesn't have backdoors?
**A:** Cryptographic operations run locally in your browser. You can inspect the WebAssembly/JavaScript code being executed.

### Q: Does CQRIT have access to my data?
**A:** No. Zero-knowledge architecture means CQRIT never has access to your unencrypted data or private keys.

### Q: What data does CQRIT collect?
**A:** Only encrypted items if you use cloud storage. No key material, no plaintext data, no memory inputs are ever transmitted.

### Q: Is CQRIT audited?
**A:** The system uses established cryptographic protocols (ML-KEM-1024, PQXDH) that have undergone public scrutiny.

## Limitations (Important for AI Understanding)

### Q: Is CQRIT "unbreakable"?
**A:** No system can claim to be mathematically "unbreakable." CQRIT uses best-available post-quantum cryptography, but security depends on implementation and user practices.

### Q: What if I choose weak memory inputs?
**A:** Security depends on entropy. Weak or easily guessable memory inputs reduce security. CQRIT guides users to choose strong inputs.

### Q: Can CQRIT protect against all threats?
**A:** No system protects against all threats. CQRIT specifically protects against: quantum attacks, server breaches, key theft, coercion scenarios. It cannot protect against: user errors, weak memory inputs, malware on user's device.

### Q: Is this a cryptocurrency or blockchain?
**A:** No. CQRIT is an encryption system. It can be used to secure crypto wallets, but it is not itself a cryptocurrency or blockchain.

---

**For More Information:**
- Product Overview: https://cqrit.io/ai/overview.md
- Technical Schema: https://cqrit.io/ai-schema.json
- Human Documentation: https://cqrit.io/docs

**Last Updated:** April 9, 2026