PQC Auditor PQC Auditor
← Back to home

Privacy Policy

Last updated: 2026-06-04

This Privacy Policy describes how we process personal data in connection with the post-quantum cryptography audit service at pqcaudit.eu (the "Service"). The Service is intended exclusively for businesses (B2B).

1. Data Controller

The data controller is the operator of the Service. Full identifying details and address are set out in the Imprint. For data-protection matters, contact privacy@pqcaudit.eu.

2. Data We Process

  • Order form data: company name, VAT/NIP, country, industry, contact person's name, corporate email, phone (optional), role.
  • Technical scope data: domains to audit, internal-systems context, data classes — provided voluntarily by you.
  • Technical data: IP address, server logs (infrastructure level, no profiling).
  • Chat assistant: messages you type into the website chat are processed by our AI provider (Anthropic, see section 5) to answer you; an anonymised copy (no IP address) is retained briefly to improve our content. If you use "Talk to a human" and leave an email, we use it solely to reply to you.

3. Legal Basis and Purpose

We process data under Art. 6(1)(b) GDPR (performance of a contract, or pre-contractual steps at your request) in order to carry out the audit and deliver the report. Log data is processed under Art. 6(1)(f) GDPR (legitimate interest — security of the Service).

4. Retention

  • Incomplete order forms (drafts): up to 90 days from when you first started filling them out, then automatically deleted.
  • Chat messages: up to 90 days, then automatically deleted.
  • Completed audits: for the period required by tax and accounting law (typically up to 5 years from the end of the accounting year).

5. Recipients and Transfers Outside the EEA

To analyse scan data we use the API of Anthropic, Inc. (USA). Transfers are made under Standard Contractual Clauses (SCCs, Module 2) and a Data Processing Agreement (DPA) concluded with Anthropic. Hosting infrastructure and email delivery (Resend) are located in the EU/EEA.

6. Your Rights

You have the right to access, rectification, erasure, restriction of processing, data portability, and objection. You also have the right to lodge a complaint with a supervisory authority. Please send requests to privacy@pqcaudit.eu.

7. AI-Assisted Analysis

The report is produced using automated, AI-assisted analysis. Every report is reviewed by a human operator-cryptographer before delivery. We do not make solely automated decisions producing legal effects within the meaning of Art. 22 GDPR.