FIPSign (fipsign.dev) is a post-quantum signing service operated by an independent developer based in Argentina. References to "we", "us", or "FIPSign" in this policy refer to that individual operator.

For any privacy-related inquiries, contact us at [email protected].

We collect the minimum data necessary to operate the service:

• Email address — provided by you when creating an account. Used for authentication (one-time password / OTP) and service communications.
• Usage data — number of tokens consumed per month, per project, and per API key. Used to enforce free tier limits and display your usage dashboard. No personally identifiable content from your signed payloads is stored.
• API key metadata — hashed API keys (we never store raw keys), key names, creation dates, and last-used timestamps.

We do not collect names, phone numbers, payment card numbers, physical addresses, or any other personal data beyond your email address.

Your email address is used exclusively for:

• Sending one-time password (OTP) codes for authentication.
• Transactional communications — account-related notices, service changes, security alerts.
• Service updates and product announcements from FIPSign. You may opt out of these at any time by clicking the unsubscribe link in any such email or by contacting us at [email protected].

We do not use your data for advertising, profiling, or any purpose beyond operating and improving the FIPSign service.

We use the following third-party services to operate FIPSign. Each acts as a data processor under our instruction:

• Email delivery — we currently use Resend (resend.com) to send OTP codes and service emails. Your email address is shared with this provider solely for delivery purposes. The email delivery provider may change over time; we will update this policy accordingly and notify users of material changes.
• Infrastructure — FIPSign runs on Cloudflare's global network (Workers, D1, KV). Cloudflare may process request metadata (IP addresses, request timestamps) as part of normal CDN and DDoS protection operations. See Cloudflare's Privacy Policy.

We do not sell, rent, or share your personal data with any third party for their own purposes.

We retain your email address and account data for as long as your account is active. If you request account deletion, we will remove your email address and associated account data within 30 days.

Usage logs (token consumption records) may be retained for up to 12 months for billing and audit purposes, after which they are deleted.

OTP codes are automatically expired and deleted after 10 minutes.

Under Argentine Law 25.326 (Personal Data Protection) and, where applicable, the GDPR, you have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your account and associated personal data.
• Opt out of non-transactional communications at any time.

To exercise any of these rights, email us at [email protected]. We will respond within 30 days.

We implement industry-standard security measures including HTTPS/TLS for all connections, hashed storage of API keys (raw keys are never stored), HttpOnly session cookies, and infrastructure protected by Cloudflare's edge network.

No method of transmission over the internet is 100% secure. While we take reasonable precautions, we cannot guarantee absolute security.

FIPSign uses a single session cookie (__Host-pq_session) to maintain your authenticated session in the dashboard. This cookie is HttpOnly, Secure, and expires after 24 hours. We do not use tracking cookies, analytics cookies, or any third-party advertising cookies.

We may update this Privacy Policy from time to time. If we make material changes, we will notify registered users by email before the changes take effect. The effective date at the top of this page will always reflect the most recent version.

Continued use of the service after notification of changes constitutes acceptance of the updated policy.

For any questions or concerns about this Privacy Policy or your personal data, contact us at [email protected].