Post-Quantum Cryptography Security Platform

Data Protection Commitment

At AI PQC Audit, we understand the critical importance of protecting sensitive organizational data. This privacy policy outlines our commitment to maintaining the highest standards of data protection and privacy for all our clients, including compliance with the California Consumer Privacy Act (CCPA) and General Data Protection Regulation (GDPR).

Privacy Rights: This policy ensures compliance with CCPA, GDPR, and other applicable privacy laws. You have specific rights regarding your personal data, including the right to access, correct, delete, and port your information.

Information We Collect

Audit Data: Files, documents, network configurations, and code submitted for security analysis
System Information: Domain names, device inventories, and infrastructure details provided for assessment
Analysis Results: AI-generated reports, risk assessments, and security recommendations
Account Information: Contact details and organizational information for audit session management

How We Use Your Information

Security Analysis: Exclusively for conducting AI security and post-quantum cryptography assessments
Report Generation: Creating comprehensive security reports and recommendations
Platform Operation: Maintaining secure audit sessions and user access
Compliance: Meeting regulatory requirements and security standards

Data Retention Policy

Uploaded Files: Automatically deleted after 14 days
Immediate Deletion: You can request earlier purge at any time
Audit Results: Retained for 2 years for historical analysis
Reports: Available for download indefinitely in your account
Account Closure: All data permanently deleted within 30 days

Third-Party Data Sharing Policy

We do not share customer data with any third parties under any circumstances.

No data sharing with analytics providers
No data sharing with marketing companies
No data sharing with external service providers
No data sharing with technology partners
No data sharing with government agencies (except as legally required)

100% Data Isolation

Your data stays within our secure US infrastructure

Data Security Measures

Infrastructure Security

US-based data centers exclusively
End-to-end encryption for all data
Post-quantum cryptographic algorithms (AES-256-GCM, SHA-3)
Quantum-resistant session management and data protection
Secure data transmission protocols
Regular security audits and assessments

Access Controls

US-citizen personnel only
Role-based access controls
Multi-factor authentication using FIPS 140-2 approved algorithms
AES-256 encryption with secure key generation
Comprehensive audit logging

Data Retention and Disposal

Retention Policy

Audit Data: Retained for analysis and report generation during active sessions
Session Data: Maintained for historical reference and compliance
Analysis Results: Stored securely for customer access and download
System Logs: Retained for security monitoring and incident response

Secure Disposal

Cryptographic Deletion: Secure key destruction for encrypted data
Physical Destruction: Secure media destruction when hardware is retired
Verification: Confirmed data deletion with audit trails
Compliance: Disposal methods meeting federal security standards

California Consumer Privacy Act (CCPA) Rights

California residents have specific rights under the CCPA regarding their personal information:

Right to Know

Categories of personal information collected
Sources of personal information
Business purposes for collection
Categories of third parties (none in our case)

Right to Delete

Request deletion of personal information
Secure deletion from all systems
Confirmation of deletion
No discrimination for exercising rights

No Sale of Personal Information: We do not sell personal information to third parties and have not sold personal information in the past 12 months.

General Data Protection Regulation (GDPR) Compliance

For individuals in the European Union, we comply with GDPR requirements:

Individual Rights

Right of access to personal data
Right to rectification (correction)
Right to erasure ("right to be forgotten")
Right to restrict processing
Right to data portability

Legal Basis

Legitimate business interests
Contract performance
Legal compliance requirements
Explicit consent where required
Data minimization principles

Data Protection Officer: For GDPR-related inquiries, contact our Data Protection Officer at info@aipqaudit.com within 30 days of your request.

Legal Compliance and Disclosure

We may disclose customer information only in the following limited circumstances:

Legal Requirements: When required by valid court orders, subpoenas, or other legal process
National Security: When required by valid national security orders or directives
Customer Consent: When explicitly authorized by the customer in writing
Emergency Situations: To prevent imminent harm to persons or property

In all cases, we will notify customers of any disclosure requests unless legally prohibited from doing so.

How to Exercise Your Privacy Rights

To exercise your privacy rights under CCPA, GDPR, or other applicable laws:

Submit a Request

Email: info@pqaudit.com
Subject: "Privacy Rights Request"
Include: Your name, organization, and specific request
Response: Within 30 days

Identity Verification

Required for all requests
Secure verification process
Protection against fraudulent requests
Authorized representatives accepted

Privacy Questions and Contact

If you have questions about this privacy policy or our data protection practices, please contact us:

Privacy Office:
AI PQC Audit
Silicon Valley, California

Privacy Email:
info@aipqaudit.com

Data Protection Officer:
info@aipqaudit.com

Last Updated: July 16, 2025 | Compliant with CCPA, GDPR, and federal privacy standards

Privacy Policy