Last revised 2026-05-30 · Permanent URL: qlro.io/independence
The recommendation engine is derived from the open WCPP framework (DOI 10.5281/zenodo.19785800) and the Metriq community snapshot of measured device performance. Qlro Inc. and its parent StockFolio Inc. do not receive payment, equity, referral commissions, or any other form of compensation from any of the quantum hardware vendors that appear in our rankings.
✕ = no compensation received from this vendor. List is illustrative; the rule applies to every vendor we add to future snapshots.
Partners that embed Qlro recommendations in their own products (the Partner Programme) sign a contract clause prohibiting modification of recommendation output before display. The widget at qlro.io/embed/recommend is rendered server-side under the qlro.io origin; partners cannot intercept or modify the recommendation, only style the surrounding frame.
Structural defenses
Defense is structural, not vibes. Every PR that touches a tenant-scoped or audit-grade surface is reviewed against these rules. The full text + verification checklists live in INVARIANTS.md.
No public surface accepts a user-typed observed-fidelity. Submissions only via authenticated SDK + signed device runs. The dataset external papers cite is signed-rows-only.
Recommendations, decision records, fidelity predictions, and intakes all deduct from the same per-key monthly counter. No hidden side-channels, no per-feature quotas.
Once a Qlro snapshot is published it is frozen forever. Re-running on the same snapshot yields the same recommendation.
monthly_usage is keyed on (key_hash, year_month). Exactly one row per key per month. Surfaces never get their own counter; rate-limit cannot leak across customers.
The headline /accuracy Pearson r and RMSE published in monthly snapshots are computed only over feedback rows with a verified device-run signature. Unsigned rows never enter citable stats.
Real work — recommendations driving real spend, outcome submission, decision records — flows through the authenticated CLI/SDK. The marketing site shows what it does; it does not do it.
Partner A cannot enumerate Partner B's customers. Customer X cannot read Customer Y's history. Failed attempts write to audit_log.
Every audit PDF is signed with an Ed25519 keypair. Verify with `qlro verify <report.pdf>` against the public key at /.well-known/.
The widget iframe renders on qlro.io. Partner-name byline, snapshot DOI, 'Verified' badge are all server-rendered and cannot be CSS-hidden.
Citekeys embed the customer-org slug + ORCID. Switching partners doesn't strand any artifact. Your reputation is portable.
A partners row can only be created through the application-review flow. No back-channel inserts, no manual SQL onboarding — every partner has an auditable application record.
Every partner_engagement and engagement_activity row belongs to exactly one partner_id. Partners cannot read or write each other's pipeline; revoking a partner key cuts off all access cleanly.
Auditability
External audits or independent reviews are welcome — contact official@stockfolio.ai.
Partner contract clause (verbatim)
“Partner shall not modify, suppress, or selectively present any portion of the recommendation output produced by the Qlro engine. Partner shall not introduce intermediate logic that biases the displayed recommendation toward any vendor in which Partner has commercial interest. Breach of this clause is grounds for immediate termination of the Partner agreement and revocation of all issued widget keys, without refund.”