Privacy Policy
Last updated: July 1, 2026 · Operated by the QuantumSafe project ("we", "us").
This Privacy Policy explains what information QuantumSafe ("the Service") collects, how we use it, and the choices you have. By using the Service you agree to this policy.
1. Information we collect
- Account data: your email address and a securely hashed password (we never store your password in plain text).
- Scan data: repository URLs you submit, uploaded code archives, and the findings produced (file paths, line numbers, detected algorithms). Uploaded archives are scanned in a temporary location and deleted immediately after scanning; only the resulting findings are stored.
- Technical data: standard server logs and rate-limiting data (e.g. IP address) used for security and abuse prevention.
- Local storage: we store an authentication token in your browser's local storage so you stay signed in. This is strictly necessary for the Service to function.
2. How we use information
- To provide and operate the Service (run scans, show results, manage your account).
- To send transactional emails (verification, password reset, and scan alerts you opt into).
- To secure the Service, prevent abuse, and comply with legal obligations.
3. How we share information
We do not sell your personal data. We share data only with service providers that help us run the Service, including:
- [HOSTING PROVIDER, e.g. Render] — application and database hosting.
- [EMAIL PROVIDER] — sending transactional email.
We may disclose information if required by law or to protect our rights and users.
4. Data retention & deletion
We retain account and scan data while your account is active. You can permanently delete your account and all associated data yourself at any time from Settings → Privacy & your data → Delete my account, or by contacting dlichtenberger91@gmail.com.
5. Your rights
Depending on your location (e.g. under GDPR or CCPA), you may have the right to access, correct, export, or delete your personal data, and to object to certain processing. You can export everything we hold about you from Settings → Privacy & your data → Export my data, and delete your account there too. For any other request, contact dlichtenberger91@gmail.com.
6. Security
We use industry-standard measures including password hashing (bcrypt), hashed API keys, encrypted transport (HTTPS), and access controls. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
7. Children's privacy
The Service is not directed to children under 13 and we do not knowingly collect their personal data.
8. International users
Your information may be processed in countries other than your own. We take steps to ensure appropriate safeguards are in place.
9. Changes
We may update this policy. Material changes will be posted here with an updated "Last updated" date.
10. Contact
Questions? Contact dlichtenberger91@gmail.com.