Your privacy is fundamental to our mission. This policy explains how we collect, use, and protect your information when you use QuantumSecure services.
QuantumSecure, Inc. ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our post-quantum certificate authority services, website, and related applications.
By using our services, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.
We collect information you provide directly to us, such as when you create an account, purchase certificates, or contact us for support. This may include your name, email address, company information, and payment details.
We collect and process certificate signing requests (CSRs), domain information, and related metadata necessary for certificate issuance and validation.
We automatically collect information about how you use our services, including API calls, dashboard interactions, and system performance metrics.
We collect information about the devices and software you use to access our services, including IP addresses, browser types, and operating systems.
We use your information to provide, maintain, and improve our certificate authority services, including issuing certificates, validating domains, and managing your account.
We use your contact information to send you service-related notifications, security alerts, certificate expiry reminders, and respond to your inquiries.
We use your information to detect and prevent fraud, ensure compliance with industry standards, and maintain the security and integrity of our services.
We analyze usage patterns to improve our services, develop new features, and optimize performance. This analysis uses aggregated and anonymized data whenever possible.
We may share your information with trusted third-party service providers who assist us in operating our services, such as payment processors, cloud infrastructure providers, and customer support tools.
We may disclose your information if required by law, regulation, or legal process, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any such change in ownership or control.
As required by industry standards, issued certificates may be logged in public Certificate Transparency logs, which are publicly accessible databases.
We use industry-standard encryption to protect your data in transit and at rest. All communications with our services use TLS 1.3 or higher, and sensitive data is encrypted using AES-256.
We implement strict access controls and authentication mechanisms to ensure that only authorized personnel can access your information, and only when necessary for service provision.
Our infrastructure is hosted in SOC 2 Type II certified data centers with physical security controls, environmental monitoring, and redundant systems.
We maintain an incident response plan to quickly detect, respond to, and recover from security incidents. We will notify affected users of any data breaches as required by law.
You have the right to access your personal information and, in some cases, receive a copy of your data in a portable format.
You can update your account information and preferences through your dashboard or by contacting our support team.
You may request deletion of your personal information, subject to our legal and regulatory obligations to retain certain records.
You can opt out of marketing communications at any time by using the unsubscribe link in emails or updating your preferences in your account settings.
We operate globally and may transfer your information to countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers.
When transferring data from the EU, we rely on adequacy decisions by the European Commission or implement appropriate safeguards such as Standard Contractual Clauses.
We enter into data processing agreements with our service providers to ensure they provide adequate protection for your personal information.
We retain your personal information for as long as necessary to provide our services and fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
Certificate-related data may be retained for longer periods to comply with industry standards, regulatory requirements, and to maintain the integrity of the certificate ecosystem.
When we no longer need your personal information, we will securely delete or anonymize it in accordance with our data retention policies and applicable legal requirements.
Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately so we can delete such information.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date.
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
If you have any questions about this Privacy Policy or our privacy practices, please contact us:
Email: privacy@quantumsecure.app
Address: 123 Quantum Street, Suite 400, San Francisco, CA 94105
Phone: +1 (555) 123-QSEC