What we receive
When you seal a PDF, our API receives the document over TLS. We compute its SHA-256 digest in memory, embed the signatures, and stream the sealed PDF back. The original document bytes are not written to persistent storage.
Legal · placeholder
Privacy
Last updated: April 27, 2026 · Boilerplate, not legal advice. A real policy reviewed by counsel will replace this before launch.
What we retain
Per seal, we retain: the document hash, the two signature values (ECDSA P-256 and ML-DSA-65), the RFC 3161 timestamp token, the certificate chain, the algorithm version, the seal timestamp, and a tenant identifier. We also retain the Certificate of Sealing PDF — a separate, human-readable summary that contains no part of your original document.
What we never retain
The original PDF you uploaded. Its content. Its metadata. Its embedded files or attachments. Any rendering of it.
Account data
We retain account email addresses and authentication artifacts (NextAuth-managed magic links, sessions). We use Resend to deliver transactional email; sending logs are retained per their policy.
Sub-processors
Vercel (frontend hosting), AWS (App Runner, S3, DynamoDB, Postgres on Neon), Stripe (billing), Resend (email), DigiCert / FreeTSA (timestamping). A current list is available on request.
Your rights
You can delete your account and Certificate of Sealing PDFs at any time from the dashboard. Audit records (hashes only) are retained per your plan's audit-log retention setting; you can request earlier deletion in writing, subject to legal hold obligations.
Contact
Privacy questions and data-subject requests: privacy@pqcshield.example.