Privacy Policy

Last updated: 20 December 2025

Privacy by Design: ProteQC.com implements data protection by design and by default, does not use cookies, does not track individual users, collects only the minimum data necessary to respond to your enquiries and ensures transparency of personal data processing. As a security and privacy aware Post-Quantum Cryptography (PQC) consultancy, we practise what we preach.

1. Who We Are

ProteQC Limited ("we", "our", "us") is a specialist post-quantum cryptography consultancy committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you visit our website or use our services.

ProteQC Limited is registered in England and Wales (Company Number: 16781199) with our registered office at 71-75 Shelton Street, Covent Garden, London WC2H 9JQ.

For Data Protection purposes, ProteQC Limited is the Data Controller (ICO Registration Number: ZC029338).

2. Information We Collect

2.1 Contact Form Data

When you submit our contact form, we collect:

Name (required)
Email address (required)
Company name (optional)
Message content (required)

This information is provided voluntarily by you and is used solely to respond to your enquiry.

2.2 Analytics Data

We use Cloudflare Web Analytics, a privacy-focused analytics service that:

Does not use cookies
Does not track individual users
Does not collect personal information
Collects only aggregate, anonymised data about page views and site performance

No Tracking: We cannot identify you personally from our analytics data. We see only aggregate statistics such as total page views and general geographic regions.

2.3 Technical Data

Our infrastructure providers (Cloudflare and Google Cloud) may process standard technical data such as IP addresses for security, performance, and abuse prevention purposes. This data is handled in accordance with their respective privacy policies.

3. How We Use Your Information

We use the information you provide through our contact form solely for:

Responding to your enquiry
Providing information about our Post-Quantum Cryptography (PQC) advisory services
Following up on potential business opportunities you have initiated

We do not use your information for marketing purposes unless you explicitly consent to receive marketing communications.

4. Legal Basis for Processing

Under UK GDPR, we process your personal data on the following legal bases:

Processing Activity	Legal Basis
Responding to contact form enquiries	Legitimate interests (responding to business enquiries)
Pre-contractual discussions	Necessary for entering into a contract
Analytics (aggregate only)	Legitimate interests (website improvement)

5. Data Security

We implement appropriate technical and organisational measures to protect your data:

Encryption in Transit: All data transmitted to and from our website is encrypted using TLS 1.2+ - Our "backhaul" between CloudFlare and Google Cloud is protected by CloudFlare Tunnel (fomerly ArgoTunnel), the connection between your browser and Cloudflare will select TLS v1.3 if your browser supports this and will revert to TLS v1.2 if not
Secure Email Transmission: Contact form submissions are transmitted immediately via Microsoft Graph API using OAuth 2.0 authentication and TLS v1.3 encryption
Cross-Site Scripting (XSS) Protection: For defence in depth against impacts of potential malicious script injections our web server sends a header to your browser preventing access to sensitive resources, specifically the following header: "permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()"
Access Controls: Form submissions are delivered only to authorised ProteQC staff
Infrastructure Security: Our website is hosted on Google Cloud Platform (London region) with Cloudflare providing network resilience, DDoS protection, "backhaul" encryption, security filtering and monitoring
No Public Endpoints: Our application server is not directly accessible from the internet; all traffic is routed through Cloudflare Tunnel

6. Data Sharing and Transfers

6.1 Service Providers

We use the following service providers to operate our website:

Provider	Purpose	Location
Google Cloud Platform	Website hosting	London, UK (europe-west2)
Cloudflare	DNS, security, analytics	Global (with UK/EU processing)
Microsoft 365	Email delivery	EU data boundary

6.2 International Transfers

Where data is processed outside the UK, appropriate safeguards are in place including Standard Contractual Clauses and adequacy decisions where applicable.

6.3 No Sale of Data

We do not sell, rent, or trade your personal information to third parties.

7. Data Retention

We retain your contact information only for as long as necessary:

Contact form enquiries: Retained for up to 2 years following last contact to maintain business relationship records, unless you request earlier deletion
Contractual records: Retained for 7 years after contract completion for legal and regulatory compliance
Analytics data: Aggregate data retained by Cloudflare for 6 months

8. Your Rights

Under UK GDPR, you have the following rights:

Right of Access: Request a copy of the personal data we hold about you
Right to Rectification: Request correction of inaccurate data
Right to Erasure: Request deletion of your data ("right to be forgotten")
Right to Restrict Processing: Request limitation of how we use your data
Right to Object: Object to processing based on legitimate interests
Right to Data Portability: Request transfer of your data in a machine-readable format

To exercise any of these rights, please contact us at privacy@proteqc.com. We will respond to your request within one month.

9. No Cookies

This website does not use cookies of any kind:

No tracking cookies
No analytics cookies
No session cookies
No third-party cookies

Our contact form uses a stateless cryptographic Cross-Site Request Forgery (XSRF) protection mechanism that does not require cookies or local storage.

10. Third-Party Links

Our website may contain links to external sites, including LinkedIn profiles of our leadership team. We are not responsible for the privacy practices of these sites and encourage you to review their privacy policies.

11. Children's Privacy

Our services are designed for business professionals and organisations. We do not knowingly collect personal information from children under 16. If you believe we have inadvertently collected such information, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Any changes will be posted on this page with an updated revision date. Material changes will be highlighted for your convenience.

13. Complaints

If you are not satisfied with our response to any privacy-related concern, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Website: ico.org.uk
Telephone: 0303 123 1113

14. Contact Us

For any privacy-related questions, requests, or concerns, please contact us:

Email: privacy@proteqc.com
General enquiries: info@proteqc.com
Address: 71-75 Shelton Street, Covent Garden, London WC2H 9JQ