Privacy Policy

Last updated: March 15, 2026

1. Information We Collect

Account Information: Email address, hashed password (bcrypt). We never store plaintext passwords.

Payment Information: Processed by Stripe. We do not store credit card numbers on our servers. We only retain your Stripe customer ID for subscription management.

Scan Data: Wallet addresses scanned, blockchain chain, risk scores, timestamps. Wallet addresses are public blockchain data.

Usage Data: API call logs (endpoint, timestamp, response time, status code), IP address, User-Agent. Retained for 30 days, then automatically deleted.

Cookies: Minimal cookies for session management and authentication (JWT). No third-party tracking cookies.

2. How We Use Your Information

  • Providing and improving our services
  • API usage monitoring and billing
  • Security and abuse prevention
  • Service-related notifications
  • Anonymized, aggregated statistics for service improvement

3. Information Sharing

  • Payment Processing: Stripe (see Stripe's privacy policy)
  • Infrastructure: Cloud hosting providers for service delivery
  • Legal Requirements: When required by law, court order, or government request
We do NOT sell or share your personal information with third parties for marketing purposes.

4. Data Retention

  • Operational Logs (API usage): 30 days, then automatically purged
  • Attestation Records: Long-term retention (audit trail -- this is a core product feature)
  • Scan Results: Retained for statistical analysis in anonymized form
  • Account Deletion: Upon request, all personal data deleted within 30 days

5. Security Measures

  • Passwords: bcrypt hashing with salt
  • API Communication: HTTPS encryption (TLS 1.2+)
  • API Keys: Stored as SHA-256 hashes (original key shown only once at creation)
  • BYOK Mode: Your private keys are never transmitted to our servers
  • PQC Operations: Use NIST-standardized algorithms (ML-DSA, SLH-DSA)

6. Your Rights

You have the right to:

  • Access your personal data
  • Request deletion of your account and data
  • Export your data (JSON/CSV format)
  • Opt out of non-essential communications

To exercise these rights, contact support@qsafe.dev

7. Scan Data Notice

Wallet addresses scanned through our service are public blockchain data, freely accessible to anyone. Scan results may be used in anonymized, aggregated form for service improvement and statistical analysis. No personally identifiable information is included in statistical processing.

8. Cookies

  • Essential Cookies: Session management, authentication tokens (required for service)
  • Analytics Cookies: Not currently used
  • Third-Party Cookies: Not used

9. Children's Privacy

QuantumSafe is not intended for users under 18 years of age. We do not knowingly collect information from minors.

10. Changes to This Policy

We will notify users of material changes via email. Continued use of the service after changes constitutes acceptance.

Contact: support@qsafe.dev