Last Updated: November 21, 2025

At QuantumPass, we don't just write privacy policies; we build privacy into our code. Our "Zero-Knowledge" and "Minimal Data" architecture means we technically cannot access your credentials because we never store them. This policy outlines the limited data we do handle and how we protect it.

1. Information We Do NOT Collect

  • Passwords: We never ask for, process, or store passwords.
  • Private Keys: Your device's private keys never leave your device.
  • Biometric Data: Fingerprints and face data are processed locally by your device's Secure Enclave. We only receive a cryptographic "yes/no" proof.
  • Precise GPS Data: We do not track your precise physical coordinates.

2. Information We Collect

We collect only the metadata necessary to facilitate secure authentication:

  • Public Keys: To verify signatures from your device.
  • Device Metadata: Device model, OS version, and hardware capabilities (to ensure security compliance).
  • Approximate Location: City and State (used for security context and login alerts).
  • Service Logs: IP addresses and timestamps of authentication requests (retained for 30 days for security auditing and threat prevention).
  • Contact Information: If you are an enterprise customer, we store business contact details for billing and support.

3. How We Use Your Information

We use this limited data solely for:

  • Authentication: Verifying that a request comes from your authorized device.
  • Security: Detecting and blocking suspicious activity (e.g., replay attacks, brute force attempts).
  • Service Improvement: Analyzing aggregate usage patterns to optimize performance.

We do not sell your data. We do not use your data for advertising.

4. Data Storage & Security

All data is stored in encrypted databases within secure data centers. We employ:

  • AES-256 encryption for data at rest.
  • TLS 1.3 for data in transit.
  • Strict Role-Based Access Control (RBAC) for employee access.
  • Regular third-party security audits.

5. Your Rights

You have the right to:

  • Request a copy of the metadata we hold about your devices.
  • Request deletion of your account and associated public keys.
  • Revoke access for any specific device at any time via the QuantumPass app.

6. Contact Us

If you have questions about our privacy practices or architecture, please contact our Privacy Officer:

privacy@quantumpass.io