Privacy.
This is the short version. Quantum Nexum tries to collect as little as possible, store it for as little time as possible, and not share it.
What's collected
page views standard web access logs (IP, path, referrer, UA) form submissions whatever you typed (email for notify, etc.) account data email + hashed password for accounts that have them
Once the PKI and ACME services are live, two more categories apply: certificate logs (serials + issued-to fields for issued certs, public by design per X.509) and ACME account data (contact email and challenge state per RFC 8555). Neither service is operating today.
What's not collected
- No third-party analytics, ad networks, or tracking pixels.
- No cross-site cookies. Cookies are first-party and limited to session and CSRF tokens.
- No fingerprinting beyond what the access log captures.
- No selling of any data to anyone, ever.
Retention
access logs 30 days, rotated form submissions until you ask us to delete them account data until you delete your account
When the PKI and ACME services come online: certificate records will be retained for the cert lifetime + 1 year (audit), and ACME account state per RFC 8555 deactivation rules.
Sharing
Nothing is shared with third parties for marketing. Required disclosures (court orders, regulatory inquiries) are evaluated case by case. Issued certificate metadata is, by design, public information embedded in the certificate itself.
Your controls
- Delete your account at any time from the settings page.
- Unsubscribe from any notify list with the link in any email, or just ask.
- Request a data export by email.
Contact
Privacy questions: privacy@quantumnexum.com. Security issues (including privacy bugs): security@quantumnexum.com.