Privacy.

This is the short version. Quantum Nexum tries to collect as little as possible, store it for as little time as possible, and not share it.

What's collected

page views            standard web access logs (IP, path, referrer, UA)
form submissions      whatever you typed (email for notify, etc.)
account data          email + hashed password for accounts that have them
PKI certificate logs  serials + issued-to fields for issued certs (public per X.509)
ACME accounts         contact email and challenge state per RFC 8555

What's not collected

• No third-party analytics, ad networks, or tracking pixels.
• No cross-site cookies. Cookies are first-party and limited to session and CSRF tokens.
• No fingerprinting beyond what the access log captures.
• No selling of any data to anyone, ever.

Retention

access logs          30 days, rotated
form submissions     until you ask us to delete them
account data         until you delete your account
PKI cert records     retained for cert lifetime + 1 year (audit)
ACME account state   retained per RFC 8555 deactivation rules

Sharing

Nothing is shared with third parties for marketing. Required disclosures (court orders, regulatory inquiries) are evaluated case by case. Issued certificate metadata is, by design, public information embedded in the certificate itself.

Your controls

• Delete your account at any time from the settings page.
• Unsubscribe from any notify list with the link in any email, or just ask.
• Request a data export by email.

Contact

Privacy questions: privacy@quantumnexum.com. Security issues (including privacy bugs): security@quantumnexum.com.