Privacy Policy — PQCServer

Who we are

PQCServer is a post-quantum cryptographic infrastructure service developed and operated by OnionSearchEngine LLC, a limited liability company incorporated in the United States of America. The service is accessible at pqcserver.com and through the public API at api.pqcserver.com/v1.

PQCServer provides users with tools for generating, storing, and exchanging post-quantum cryptographic keys, end-to-end encrypted messaging, encrypted email (PQCMail), encrypted file vaults, and related services — including PQCMail (pqcmail.org), PQCToolkit, and the Onion service family. Every piece of content handled by the platform — messages, files, and emails — is encrypted using NIST-standardised post-quantum algorithms before it ever leaves your device.

This Privacy Policy is governed by the laws of the United States. For users located in the European Economic Area (EEA) or the United Kingdom, we voluntarily apply principles aligned with the GDPR as a best-practice standard, even though OnionSearchEngine LLC is not legally established within the EU or UK.

Data we collect

// Minimal by design — only three fields

We collect the absolute minimum required to operate the service. Registration requires only:

Email address — used as your unique account identifier and for essential system notifications (e.g. "you have a new encrypted message"). The notification contains no message content.
Username — freely chosen by you; pseudonyms are fully supported and encouraged.
Password — stored exclusively as a bcrypt hash with salt. It is never transmitted or stored in plaintext. We cannot recover it.

// Public cryptographic keys (not personal data)

During key generation, your public KEM key (ML-KEM-1024) and public DSA key (ML-DSA-87) are published to our key registry so that other users can send you encrypted messages and verify your signatures. These are public by design and contain no personal information. Your private keys are never transmitted to the server — they are generated and stored exclusively on your device.

// Minimal technical data

Session token (PQCSESS) — a temporary identifier, not linked to IP or device.
Anonymised application error logs — stripped of any personal identifiers.

Purposes of processing

Your data is used solely for the following purposes:

Service delivery — authentication, account management, and routing of encrypted content.
System notifications — zero-knowledge email alerts sent via OnionMail SMTP. The content of messages, files, or emails is never included.
Security and integrity — anomaly detection and abuse prevention.
Legal compliance — responding to valid legal obligations under applicable US law.

We do not use your data for profiling, advertising, or any form of behavioural analytics.

Post-quantum encryption — everything, always

// Zero-knowledge architecture

All conversations, files, and emails on PQCServer are encrypted end-to-end using post-quantum cryptography — on your device, before any data reaches our servers. We receive, store, and transmit only ciphertext. We are technically and architecturally incapable of reading your content. There are no backdoors, no master keys, no server-side decryption of any kind.

Every category of user content is protected:

Messages — encrypted client-side with ML-KEM-1024 key encapsulation before transmission.
Emails (PQCMail) — post-quantum encrypted end-to-end between registered users.
Vault files — encrypted locally before upload; the server stores only the ciphertext and an encrypted IV.
Digital signatures — all signed content uses ML-DSA-87, verifiable by recipients without server involvement.

Cryptographic operations are performed by the open-source libraries @noble/post-quantum (JavaScript) and Bouncy Castle 1.78.1 (Kotlin/Java), available for public inspection. The full PQCServer source code is published at github.com/onionsearchengine/pqcserver under the AGPL v3 license.

Algorithms in use — all standardised by NIST (2024):

ML-KEM-1024 (FIPS 203) — key encapsulation / hybrid encryption
ML-DSA-87 (FIPS 204) — digital signatures
SLH-DSA (FIPS 205) — stateless hash-based signatures

Data we do NOT collect

PQCServer is built on radical data minimisation. Beyond the three registration fields listed in Section 2, we do not collect or retain:

IP addresses (not logged at the application level)
User agent strings or device fingerprints
Private cryptographic keys — ever
Plaintext content of messages, emails, files, or notes
Geolocation data
Payment information (the service is currently free of charge)
Browsing behaviour, clickstreams, or analytics data
Any data from third-party trackers or advertising networks

Cookies & sessions

We use a single session cookie (PQCSESS) that is strictly necessary for the service to function. We do not use third-party cookies, tracking cookies, or analytics cookies of any kind.

The session cookie is:

Strictly necessary — no consent banner required
Not correlated with your IP address or device fingerprint
Automatically deleted on session expiry or logout

Third-party sharing

We do not sell, rent, or share personal data with any third party for commercial purposes. Limited exceptions:

Infrastructure provider — our VPS is hosted with a European provider. All data is encrypted at rest and in transit (TLS 1.3). The provider has no access to plaintext content.
Cloudflare — used as CDN and DDoS protection layer. Cloudflare processes only encrypted TLS traffic and cannot access application data. See: Cloudflare Privacy Policy.
Legal process — we may disclose the email address, username, and encrypted content if compelled by a valid US legal order. We cannot decrypt content — any data produced in response to legal process will be ciphertext only.

Data retention

We retain data for the shortest time necessary:

Account data (email, username, password hash) — for the lifetime of the active account.
Encrypted messages — until deleted by the recipient, or a maximum of 90 days from the date sent.
Encrypted emails (PQCMail) — until deleted by the user.
Vault files — until explicitly deleted by the user.
Anonymised system logs — maximum 30 days.
Post-deletion residual data — purged within 30 days of account closure.

Your privacy rights

Regardless of your location, you may contact us at any time to:

Access — request a copy of the personal data we hold about you (email address and username).
Correct — update your email address or username.
Delete — request permanent deletion of your account and all associated data.
Export — receive your data in a portable, machine-readable format.
Object — object to any processing beyond what is strictly necessary for service delivery.

Send requests to the contact address in Section 12. We will respond within 30 days.

EEA / UK users: you also have the right to lodge a complaint with your local data protection authority. We will cooperate in good faith with any such inquiry, even though we are not EU-established.

California residents: under the CCPA you have the right to know, delete, and opt out of the sale of personal information. We do not sell personal information.

Security

Our security posture is built on the assumption that the server should never be trusted with plaintext:

All transmissions via TLS 1.3 / HTTPS
MongoDB accessible only from VPS internal network — not exposed to the internet
Passwords stored as bcrypt hashes with per-user salt
All user content encrypted with NIST PQC algorithms before server receipt
Tor (.onion) access available for metadata-resistant connectivity
Full source code published under AGPL v3 for independent audit

In the event of a data breach affecting personal data, we will notify affected users promptly and, where required, report to competent authorities in accordance with applicable law.

Minors

PQCServer is not directed to individuals under the age of 13 (or 16 for EEA users). We do not knowingly collect personal data from minors. If you believe a minor's data has been submitted to the service, please contact us immediately and we will delete it without delay.

Contact & Data Controller

// Data Controller

Company: OnionSearchEngine LLC
Jurisdiction: United States of America
Service: PQCServer — pqcserver.com
Email: [email protected]
PQCMail: [email protected]
Tor address: utk4jxph6ekxrtnk73qfciu3md2b44iefxxbghaeo3tx6627r45t5vqd.onion
GitHub: github.com/onion-search-engine/pqcserver

For confidential inquiries, we recommend contacting us via PQCMail (pqcmail.org) using post-quantum end-to-end encryption.

This policy may be revised periodically. Material changes will be communicated by email to registered users before taking effect. The current version is always available at pqcserver.com/privacy.