Privacy Policy

Quantinger is a cryptocurrency research and analysis platform operating as an individual proprietorship pending entity registration. We are the data controller for personal data collected through the Service at quantinger.com.

Data protection contact: support@quantinger.com

(a) Account data: email address, hashed password, full name (optional), account created date, last login timestamp, subscription tier, grace period end date.

(b) Usage data: pages visited, features used, backtest run counts, AI message counts, alert triggers, screener queries. Used to operate and improve the Service.

(c) Technical data: IP address, browser type, operating system, device type, referrer URL, session timestamps. Collected for fraud prevention and service operation.

(d) Payment data: collected by Paddle (Merchant of Record). We receive only: transaction amount, currency, last 4 digits of card, and billing country. We never see your full card number or CVV.

(e) BYOK API keys: encrypted at rest with AES-128 (Fernet symmetric encryption). Never logged. Used only at the moment of an AI request to forward your query to the provider you selected.

(f) AI conversation data: stored encrypted. We do NOT use your AI conversations to train any model. Third-party AI providers (Anthropic, OpenAI, Google) operate under their own privacy terms when processing your requests.

(g) Cookies: see Section 11 and our Cookie Policy.

(h) Data we do NOT collect: race, religion, sexual orientation, health data, biometrics, or government IDs (beyond what Paddle may require for fraud prevention under their own policies).

We use your information to:

• Operate and improve the Service;
• Provide customer support;
• Detect and prevent fraud, abuse, and security incidents;
• Comply with legal obligations;
• Communicate service updates and, with your consent, marketing messages.

We do NOT sell your personal data, share it with advertisers, or use it for profiling outside of fraud prevention.

• Contract performance — account creation, subscription delivery, Service features.
• Legitimate interests — security, fraud prevention, service improvement.
• Legal obligations — tax compliance, anti-money laundering where applicable.
• Consent — marketing emails, analytics cookies beyond strictly necessary.

Service providers (sub-processors):

• Paddle — billing and payment processing
• Resend — transactional email delivery
• Sentry — error tracking (anonymised)
• DigitalOcean — backend server hosting
• Vercel — frontend hosting
• Cloudflare — CDN, DNS, DDoS protection
• Anthropic, OpenAI, Google — only when you make AI requests using your BYOK keys

Legal requirements: We may disclose data in response to a valid subpoena, court order, or government request. We will challenge overbroad requests and notify users where legally permitted.

Business transfer: In the event of an acquisition or merger, users will be notified before their data transfers.

We never sell personal data.

Our servers are located in: London, UK (DigitalOcean LON1 region) and Frankfurt, Germany (Sentry EU). Data may also be processed in the USA (Vercel, AI providers) and EU. Where required, we rely on Standard Contractual Clauses (SCCs) or equivalent safeguards for international transfers.

• Account data: while account is active + 30 days after deletion.
• Backups: up to 90 days.
• Payment records: 7 years (tax and audit requirements).
• AI conversation history: until user deletes or account closes + 30 days.
• Logs and security data: 90 days.
• Anonymised analytics: indefinitely.

• Access — request a copy of your personal data.
• Rectification — correct inaccurate data.
• Erasure — delete your data, subject to legal retention obligations.
• Restriction — limit how we process your data.
• Portability — receive your data in machine-readable format.
• Objection — object to processing based on legitimate interests.
• Withdraw consent — for consent-based processing (e.g., marketing emails).
• Lodge a complaint — with your local data protection authority.

Exercise any right by emailing support@quantinger.com. We respond within 30 days.

• TLS 1.3 for all data in transit.
• AES-128 encryption at rest for sensitive fields (BYOK keys, personal fields).
• Password hashing with bcrypt (cost factor 12+).
• Database encryption at rest.
• Regular encrypted backups.
• Principle of least privilege for system access.
• JWT authentication with short-lived tokens and rotation.
• Rate limiting and automated fraud detection.

We follow industry best practices but cannot guarantee absolute security. In the event of a breach affecting your personal data, we will notify you and relevant authorities within 72 hours as required by applicable law.

The Service is not directed at users under 18 years of age. We do not knowingly collect personal data from anyone under 18. If we learn that we have collected data from a person under 18, we will delete it promptly.

We use strictly-necessary cookies for authentication and security (session token, CSRF protection). With your consent, we use analytics cookies to understand how the Service is used and improve it. We do NOT use advertising cookies or third-party tracking pixels. You can manage your preferences via the Cookie Consent banner shown on first visit, or through your browser settings.

We will update this policy as the Service evolves. Material changes will be communicated via email or prominent notice on the Service at least 14 days before taking effect. Continued use after a change constitutes acceptance of the revised policy.

For all privacy questions, requests, or complaints: support@quantinger.com. We respond within 30 days, often much faster.