🔒 Privacy Policy

Your privacy is our foundation - complete data protection practices

Privacy-First Architecture

Zero Data Collection

QKey operates on a privacy-first principle: Your cryptographic keys, quantum signatures, and personal data never leave your browser. All operations are performed locally on your device.

What We DON'T Collect

  • Private Keys: Never transmitted or stored on servers
  • Quantum Signatures: Generated and verified locally
  • Bitcoin Addresses: Not logged or tracked
  • Transaction Data: Not stored on our systems
  • Personal Information: No KYC, no accounts, no profiles
  • Browsing History: No tracking cookies or analytics
  • IP Addresses: Not logged for cryptographic operations

Browser-Based Security

Local Operations Only

QKey's cryptographic operations happen entirely in your browser using JavaScript implementations of:

  • CRYSTALS-Dilithium: Post-quantum signature generation
  • Bitcoin Key Management: Address generation and transaction signing
  • Entropy Generation: Secure random number generation
  • Hash Functions: SHA-256, RIPEMD-160 for Bitcoin compatibility

No Server Dependencies

Critical security functions operate without server communication:

  • Key generation uses your browser's cryptographic APIs
  • Signatures are created using pure JavaScript libraries
  • Private keys exist only in your browser's memory
  • No cloud storage or remote key management

Minimal Data Interactions

What We Do Collect (Minimal)

Location Estimation

  • Timezone Only: For atmospheric lighting calculations
  • No GPS: Approximate region from timezone
  • Privacy-Safe: No exact location tracking
  • Purpose: Realistic sun position for UI effects

Waitlist Information

  • Email Address: For token launch notifications
  • Timestamp: Registration time
  • Encrypted Storage: AES-256-GCM protection
  • Rate Limited: Prevents spam and abuse

Data Protection Measures

Encryption Standards

  • Client-Side Encryption: AES-256-GCM for local data storage
  • TLS 1.3: All web communications encrypted in transit
  • No Plaintext Storage: Sensitive data never stored unencrypted
  • Key Derivation: PBKDF2 for password-based encryption

Browser Storage

  • LocalStorage: Theme preferences and UI settings only
  • No Cookies: No tracking or advertising cookies
  • Session Only: Cryptographic keys cleared on page refresh
  • User Control: You can clear all data anytime

Third-Party Services

External Dependencies

QKey minimizes external dependencies to protect your privacy:

  • CDN Libraries: Bootstrap, jQuery, FontAwesome (no tracking)
  • Vercel Hosting: Static site hosting (standard web logs only)
  • No Analytics: No Google Analytics, Facebook Pixel, or tracking
  • No Advertising: No ad networks or marketing pixels

Blockchain Interactions

  • Public Data Only: Bitcoin transactions are public by design
  • No Account Linking: Transactions not associated with identity
  • User-Controlled: You choose when to broadcast transactions
  • Standard Bitcoin: Normal blockchain privacy practices apply

Legal Compliance

GDPR Compliance

  • Minimal Processing: Only necessary data collected
  • Legitimate Interest: Service provision and security
  • Data Portability: Download your waitlist data
  • Right to Deletion: Request data removal anytime
  • Consent Management: Clear opt-in for waitlist

Jurisdiction

  • Primary: United States data protection laws
  • International: GDPR, CCPA compliance where applicable
  • Crypto-Friendly: Operating in jurisdictions supportive of cryptography
  • No KYC Required: Permissionless access to core features

Contact & Data Rights

Exercise Your Rights

Since QKey operates on a privacy-first model with minimal data collection, your rights are largely built into the system:

  • Access: View what minimal data we have via your browser
  • Deletion: Clear browser storage to remove all local data
  • Portability: Export your keys using our download features
  • Correction: Update waitlist information if needed
  • Objection: Opt-out of any communications

Questions or Concerns

For privacy-related questions or to exercise your rights:

  • Email: privacy@qkey.org
  • Response Time: Within 30 days of verified requests
  • Verification: May require identity verification for security

Policy Updates

Last Updated: December 2024

Version: 1.0

Change Notification

  • Material changes will be posted prominently on the website
  • Waitlist subscribers will be notified of significant updates
  • Continued use constitutes acceptance of updated terms
  • Archive of previous versions available upon request

Our Commitment

QKey's mission is quantum-safe Bitcoin protection with maximum privacy. We will never compromise your privacy for profit, analytics, or convenience. Your cryptographic sovereignty is our priority.