keys.openpgp.org is a community effort. You can find more information about us, and our contact, details here.
The public keyserver running on keys.openpgp.org processes, stores, and distributes OpenPGP certificate data. The specific way in which data is processed differs by type as follows:
Email addresses of individuals contained in User IDs are personal data. Special care is taken to make sure they are used only with consent, which you can withdraw at any time:
This data is never handed collectively (“as a dump“) to third parties.
We process the cryptographic content of OpenPGP certificates - such as public key material, self-signatures, and revocation signatures – for the legitimate interest of providing the service.
This data is not usually collectively available (“as a dump“), but may be handed upon request to third parties for purposes of development or research.
If you upload your OpenPGP certificates to the service, you are the source of this data. It is also possible for anyone who has your public OpenPGP certificate to upload them to this service – for example, if you have published them somewhere else, or sent them to someone. This does not include publication of Email Addresses, which are only used with explicit consent as described above.
An OpenPGP certificate may contain personal data other than email addresses, such as User IDs that do not contain email addresses, or image attributes. This data is stripped during upload and never stored, processed, or distributed in any way.
OpenPGP packet types that were not specifically mentioned above are stripped during upload and never stored, processed or distributed in any way.
Data is never relayed to third parties outside of what is available from the public API interfaces, and what is described in this policy and on our about page.
This service is available on the Internet, so anyone, anywhere in the world, can access it and retrieve data from it.
We will retain your email address linked with your OpenPGP certificates until you remove it. We will remove your Public Key Data if you wish, but note that anyone can re-upload it to the service, in keeping with the “public” nature of this key material.
All incoming requests are logged for a period of 30 days, and only used as necessary for operation of the service. IP addresses are anonymized for storage.
You can withdraw consent to the processing of your email address at any time, or erase your email addresses, using the “manage“ tool.
You can obtain access to the personal data we process about you by viewing your OpenPGP certificates, or searching for your certificates using your email addresses, using this service.
You can delete your OpenPGP certificates by emailing support at keys dot openpgp dot org, but note that anyone can upload them again. If you object to having your certificate re-uploaded, email support at keys dot openpgp dot org and we will banlist your keys.
To exercise the right of portability, you can download your OpenPGP certificate using this service.
If you are in the EEA or UK, you also have the right to lodge a complaint with a supervisory authority, such as your local data protection authority.
Hagrid v1.3.0 built from 26ef2f6
Powered by Sequoia-PGP
Background image retrieved from Subtle Patterns under CC BY-SA 3.0