Security

CheckPQC inherits the Aegyrix Security Suite baseline: TLS 1.3 first, hybrid PQC key agreement, AEAD ciphers only, HSTS preload, OCSP stapling, no third-party trackers, signed builds, and SLSA provenance on every release.

Reporting an issue

CheckPQC is free and provided as-is under the MIT license — no warranty, no SLA, no bug bounty. If you find a real security issue, email security@checkpqc.com or open a private advisory at github.com/aegyrix/checkpqc.app. We'll read every report and fix what we can.

Machine-readable contact: /.well-known/security.txt.