Privacy

CheckPQC is operated by Aegyrix LLC. We collect the minimum data needed to run scans, mitigate abuse, and operate the service.

What we store

• Scan results. The hostname, port, verdict, handshake metadata (TLS version, cipher, named group, ALPN). Retained for 90 days, then deleted.
• Hashed requester ID. SHA-256 of (IP address + daily rotating salt). We never store raw IPs in our database.
• Operational logs. nginx access logs are kept for 14 days.

What we do not store

• No accounts, no cookies, no third-party trackers in the MVP.
• No referrer headers in API logs.
• No payment data — the MVP is free.

Opting out

Don't want CheckPQC to scan your domain? Publish a TXT record:

_checkpqc-optout.example.com  TXT  "v=optout1; mode=block"

We honour it within 5 minutes. We also honour government-affiliated TLDs (.gov, .mil, .edu) by default unless we have explicit written permission.

Contact

privacy@checkpqc.com