The public keyserver running on keys.openpgp.org processes, stores and distributes OpenPGP key data. The specific way in which data is processed differs by type as follows:
Email addresses contained in User IDs are personally identifiable information (PII). Special care is taken to make sure they are used only with consent:
This data is never handed collectively ("as a dump") to third parties.
The cryptographic content of OpenPGP keys is not considered personally identifiable information. This includes specifically public key material, self-signatures, and revocation signatures.
This data is not usually collectively available ("as a dump"), but may be handed upon request to third parties for purposes of development or research.
An OpenPGP key may contain personal data other than email addresses, such as User IDs that do not contain email addresses, or image attributes. This data is stripped during upload and never stored, processed, or distributed in any way.
OpenPGP packet types that were not specifically mentioned above are stripped during upload and never stored, processed or distributed in any way.
Data is never relayed to third parties outside of what is available from the public API interfaces, and what is described in this policy.