Privacy Policy
Axiad PQC Readiness Tester
1. Introduction
Axiad IDS, Inc. ("Axiad," "we," "us," or "our") provides the PQC Readiness Tester (the "Tool" or "Service"), a web-based application that tests whether domains support Post-Quantum Cryptography (PQC) key exchange during TLS 1.3 handshakes.
This Privacy Policy explains how we collect, use, disclose, and protect information when you use our Tool. By accessing or using the Tool, you agree to this Privacy Policy.
2. Information We Collect
2.1 Information You Provide
Domain Names You Test: When you use the Tool, you enter domain names (e.g., "example.com") to test for PQC compliance. We collect these domain names to perform the scan and provide you with results.
- We store domain names temporarily in memory cache (up to 24 hours) to improve performance
- Domain names are also sent to our analytics provider (see Section 2.3)
No Account Required: The Tool does not require you to create an account, provide a name, email address, or any other personal information.
2.2 Information Collected Automatically
When you use the Tool, we automatically collect the following information:
Technical Information:
- IP Address: Your Internet Protocol (IP) address, which may reveal your general geographic location
- Browser Information: Browser type and version, operating system, device type
- Usage Data: Pages viewed, features used, date and time of access
- Referrer URL: The website you came from before visiting our Tool
Scan Data:
- Domains you test and scan results (PQC compliance status, TLS versions, cryptographic groups)
- Certificate information from scanned domains
- Error information (DNS errors, connection failures, timeout events)
- Cache status and rate limiting events
2.3 Analytics and Tracking Technologies
We use PostHog, a third-party product analytics platform, to collect information about how you use the Tool.
When you first visit the Tool, a consent banner appears at the bottom of your screen. No client-side analytics tracking occurs until you click "Accept."
- If you click "Accept": Client-side analytics tracking begins immediately
- If you click "Decline": Client-side analytics are disabled and no tracking cookies are stored
- Your choice is saved in your browser's localStorage and remembered for future visits
- You can change your choice at any time (see Section 9.5)
Client-Side Analytics (ONLY if you click "Accept"):
- Page views and navigation paths
- Button clicks and interactions
- Domains tested and scan results viewed
- Session duration and engagement metrics
- Hashed version of your IP address
Server-Side Analytics (collected for all users, regardless of consent):
- Your actual IP address (for geolocation, abuse prevention, and operational security)
- Domains tested and scan results
- Error categories and system performance metrics
- Rate limiting events
Why these don't require consent: Server-side analytics are essential for preventing abuse, ensuring service availability, detecting security threats, and monitoring system performance. Legal basis: Legitimate interests (GDPR Article 6(1)(f)).
Where Data is Stored: PostHog is based in the United States. Data is stored on PostHog's cloud infrastructure (AWS).
PostHog's Privacy Policy: https://posthog.com/privacy
3. How We Use Your Information
To Provide the Service
- Perform TLS scans of domains
- Display scan results and certificate information
- Cache results to improve performance
- Rate limit excessive requests
To Improve the Service
- Analyze usage patterns
- Identify and fix bugs
- Measure scan success rates
- Optimize user experience
To Ensure Security
- Detect and prevent abuse
- Monitor for unusual activity
- Enforce rate limits
- Investigate security incidents
4. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under the following legal bases:
| Processing Activity | Legal Basis | Consent Required? |
|---|---|---|
| Performing TLS scans and displaying results | Contract (GDPR Article 6(1)(b)) | No (service provision) |
| Client-side analytics (page views, clicks) | Consent (GDPR Article 6(1)(a)) | Yes - must click "Accept" |
| Server-side operational analytics (IP logging, error tracking) | Legitimate Interests (GDPR Article 6(1)(f)) | No (legitimate interest) |
| Compliance with legal obligations | Legal Obligation (GDPR Article 6(1)(c)) | No (legal requirement) |
6. International Data Transfers
Data Transfer to the United States
The Tool is operated from the United States. Your information is processed and stored on servers located in the United States. PostHog (our analytics provider) is also based in the United States.
For EEA, UK, and Swiss Users:
We transfer personal data based on the following safeguards:
- Standard Contractual Clauses (SCCs): European Commission-approved clauses for transfers to countries without an adequacy decision
- EU-U.S. Data Privacy Framework: For transfers to certified U.S. organizations
- UK Extension to EU SCCs: UK International Data Transfer Agreement or UK Addendum
- Swiss-U.S. Data Privacy Framework: For transfers from Switzerland
You may request a copy of the safeguards we use by contacting us at privacy@axiad.com.
7. Data Retention
| Data Type | Retention Period | Notes |
|---|---|---|
| Scan results cache (successful) | 24 hours | Automatically deleted |
| Scan results cache (errors) | 5 min - 1 hour | Depends on error type |
| Analytics data (PostHog) | 90 days | Can request earlier deletion |
| Application logs | 30 days | For debugging/security |
| Access logs | 90 days | For security/abuse detection |
8. Data Security
We implement reasonable and appropriate technical and organizational measures to protect your information from unauthorized access, disclosure, alteration, and destruction.
🔒 Technical Safeguards
- Encryption in transit (TLS 1.3)
- Encryption at rest
- Access controls and MFA
- Firewalls and intrusion detection
👥 Organizational Safeguards
- Limited access (need-to-know basis)
- Confidentiality agreements
- Security training
- Incident response plan
🛡️ Application Security
- Multi-layer input validation
- Rate limiting
- Content Security Policy (CSP)
- Regular security updates
Security Limitations: While we implement strong security measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your information.
Data Breach Notification: In the event of a data breach, we will notify you within 72 hours of becoming aware of the breach (as required by GDPR).
To report a security vulnerability: security@axiad.com
9. Your Privacy Rights
Depending on your location, you may have certain rights regarding your personal information.
9.1 Rights for EEA, UK, and Swiss Users (GDPR)
- Right of Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your data ("Right to be Forgotten")
- Right to Restriction: Limit how we process your data
- Right to Data Portability: Receive your data in machine-readable format
- Right to Object: Object to processing based on legitimate interests
9.2 Rights for California Residents (CCPA/CPRA)
- Right to Know: Request disclosure of personal information collected
- Right to Delete: Request deletion of personal information
- Right to Correct: Request correction of inaccurate information
- Right to Opt-Out: We do not sell or share your personal information
- Right to Non-Discrimination: No discriminatory treatment for exercising rights
9.3 How to Exercise Your Rights
To exercise any of the rights described above, contact us at:
- Email: privacy@axiad.com
- Response Time: Within 1 month (GDPR) or 45 days (CCPA)
- No Fee: We will not charge a fee unless the request is manifestly unfounded or excessive
9.4 Managing Your Analytics Preferences
How Consent Works
When you first visit the Tool, a consent banner appears at the bottom of your screen asking you to choose:
- "Accept": Enables client-side analytics tracking (page views, clicks, interactions)
- "Decline": Disables client-side analytics tracking; no tracking cookies are stored
Your choice is binding:
- Tracking does NOT start automatically
- We only collect client-side analytics data after you explicitly click "Accept"
- Your preference is saved in your browser's localStorage
- The banner will not appear again unless you clear your browser data
To Change Your Consent Choice:
- Clear your browser's localStorage:
  - Chrome/Edge: DevTools → Application → Local Storage → Delete analytics_consent
  - Firefox: DevTools → Storage → Local Storage → Delete analytics_consent
  - Safari: DevTools → Storage → Local Storage → Delete analytics_consent
- Refresh the page: The consent banner will reappear
- Make a new choice: Click "Accept" or "Decline"
Alternative method: Clear all browsing data for this site in your browser settings.
Server-Side Analytics
Server-side operational analytics (IP addresses, domains scanned, scan results, error logs) are collected for all users regardless of your consent choice. These are necessary for:
- Preventing abuse and denial-of-service attacks
- Ensuring service availability and performance
- Detecting and responding to security threats
- Monitoring system health and error rates
Legal basis: Legitimate interests (GDPR Article 6(1)(f))
To object: You may object to server-side analytics processing by contacting us at privacy@axiad.com. We will evaluate your request and balance it against our legitimate interests in operating and securing the Service.
10. Children's Privacy
The Tool is not directed to children under the age of 16 (or under 13 in the United States).
- We do not knowingly collect personal information from children
- If you are under 16 (or 13 in the U.S.), do not use the Tool
- If we learn that we have collected data from a child, we will delete it immediately
Parents and Guardians: If you believe your child has provided information to us, contact us at privacy@axiad.com.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our data practices, new features, or changes in applicable laws.
How We Notify You:
- We will post the updated Privacy Policy on this page
- The "Last Updated" date at the top will be revised
- For material changes, we will provide prominent notice (e.g., banner on the Tool)
By continuing to use the Tool after changes are posted, you accept the updated Privacy Policy.
12. Contact Information
Axiad IDS, Inc.
Privacy Officer / Data Protection Officer:
- Email: privacy@axiad.com
- Mail: Axiad IDS, Inc., Attention: Privacy Officer, 101 Metro Drive, Suite 560, San Jose, CA 95110
- Phone: (408) 841-4670
For Security Issues: security@axiad.com
For General Inquiries: www.axiad.com/contact
Acknowledgment and Consent
By using the PQC Readiness Tester, you acknowledge that:
- You have read and understood this Privacy Policy
- You agree to the collection, use, and disclosure of your information as described
- You understand your privacy rights and how to exercise them
- You consent to the transfer of your data to the United States (if you are located outside the U.S.)
- If you do not agree with this Privacy Policy, you must not use the Tool