Legal

Privacy Policy

Version 1.0Effective: March 17, 2026

At Quantinal, protecting your privacy is fundamental to how we build and operate our platform. This Privacy Policy explains how we collect, use, store, share, and protect your information when you use our platform and related services (the “Services”). By using our Services, you acknowledge the practices described in this policy.

1. Information We Collect

Account Information

When you register, we collect your email address, name, and any profile information you choose to provide. Account credentials are stored using industry-standard security measures. Billing information is processed securely through our third-party payment provider (currently Stripe) and is not stored on our servers.

Content You Upload

When you upload data to the platform, we store your files, descriptions, and associated metadata. All uploaded content is encrypted at rest using strong encryption with unique keys per user.

Usage Information

We automatically collect service usage patterns, API request logs, feature interactions, device information, browser type, IP address, and approximate geographic location derived from your IP address.

Information from Third Parties

If you authenticate through a third-party provider (such as Google OAuth), we receive basic profile information as authorized by you and that provider. We do not receive or store your third-party account password.

2. Legal Basis for Processing

We process your information based on one or more of the following legal grounds:

  • Contract Performance: To provide the Services you have requested and fulfill our obligations under our Terms of Service
  • Legitimate Interests: To improve our platform, prevent fraud, ensure security, and communicate with you about our Services, where these interests are not overridden by your rights
  • Consent: Where you have given explicit consent, such as for marketing communications or optional analytics
  • Legal Obligation: To comply with applicable laws, regulations, or legal processes

3. How We Use Your Information

  • Provide Services: Process your requests, store your data, and deliver results
  • Process Payments: Handle credit purchases and billing through our payment provider
  • Improve Platform: Analyze aggregated usage patterns to enhance features, performance, and reliability
  • Communicate: Send service updates, security alerts, and (with your consent) product news
  • Ensure Security: Detect fraud, prevent abuse, and maintain platform integrity
  • Legal Compliance: Meet regulatory requirements and respond to lawful requests

We do not sell your personal data to third parties.

4. AI Processing & Your Data

  • Your Private Data Stays Private: Uploaded content is encrypted and only accessed to serve your specific requests. We do not use your private data to train AI models.
  • Ephemeral Processing: Your data is processed in isolated environments and is not retained after results are delivered to you. Processing environments are designed to be stateless.
  • No Cross-User Data Mixing: Your data is never combined with other users' data. Each processing job operates in isolation.
  • Third-Party AI Providers: We use third-party AI service providers to process certain requests. These providers are contractually bound to protect your data, process it only as instructed by us, and not use it for their own purposes including model training.

5. Automated Decision-Making

Our Services use AI and automated systems to generate analysis outputs, scores, and signals. These outputs are intended as informational tools to support your decision-making and should not be treated as definitive recommendations. You retain full control over any decisions or actions taken based on the outputs. If you have concerns about automated processing, you may contact us through our website.

6. Data Security & Encryption

  • Encrypted Storage: All uploaded content is encrypted at rest using strong encryption with unique keys
  • Encrypted Communications: All data in transit is encrypted using TLS
  • Secure Key Management: Encryption keys are stored separately from encrypted data using managed key services
  • Access Controls: Strict access controls limit internal access to your data on a need-to-know basis
  • Audit Logging: Sensitive operations are logged for security monitoring and incident response
  • Reliable Infrastructure: Enterprise-grade cloud infrastructure with redundancy and regular backups

While we implement commercially reasonable security measures, no system is completely secure. We cannot guarantee absolute security of your data but will promptly notify affected users in the event of a data breach that poses a risk to your rights, in accordance with applicable laws.

7. Data Sharing

We share your data only in the following limited circumstances:

  • Service Providers: With trusted vendors who help us operate the platform (such as payment processing, cloud infrastructure, and AI services), each bound by data protection agreements that restrict how they may use your data
  • Legal Requirements: When required by applicable law, court order, subpoena, or government request, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others
  • Your Authorization: When you explicitly choose to share or export content
  • Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred. We will provide notice before your data becomes subject to a different privacy policy

8. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Update or correct inaccurate information
  • Deletion: Request permanent deletion of your account and associated data
  • Export: Download your data in a portable, machine-readable format
  • Restriction: Request that we limit how we process your data in certain circumstances
  • Objection: Object to processing based on legitimate interests
  • Marketing Opt-Out: Unsubscribe from promotional communications at any time using the link in our emails or through your account settings

To exercise these rights, visit your account settings or contact us through our website at www.quantinal.ai. We will respond to verified requests within 30 days. We may ask you to verify your identity before processing certain requests. We will not discriminate against you for exercising your privacy rights.

9. Data Retention

  • Account Data: Retained while your account is active, plus 30 days after a deletion request to allow for recovery and complete any pending operations
  • Uploaded Content: Retained until you explicitly delete it or close your account
  • Transaction Records: Retained for 7 years for accounting, tax, and legal compliance
  • Security Logs: Retained for 90 days for security monitoring and incident investigation
  • Inactive Accounts: Credits expire after 12 months of inactivity; accounts that remain inactive for 24 consecutive months may be scheduled for deletion with at least 30 days' notice via your registered email

Where we are required by law to retain data for longer periods, we will do so in accordance with applicable legal requirements.

10. International Data Transfers

Quantinal operates globally. Your data may be processed and stored in regions outside your country of residence, including regions where our cloud infrastructure and service providers operate. We implement appropriate safeguards for cross-border data transfers, including Standard Contractual Clauses and equivalent mechanisms where required by applicable data protection laws. All data remains encrypted in transit and at rest regardless of location.

11. Children's Privacy

Quantinal is not intended for users under 18 years of age. We do not knowingly collect personal information from anyone under 18. If we become aware that we have inadvertently collected personal information from a person under 18, we will take steps to delete it promptly. If you believe a minor has provided us with personal information, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. For material changes, we will notify you via email or platform notification at least 30 days before they take effect. Non-material updates (such as clarifications) may take effect upon posting. The effective date at the top of this page will be updated accordingly. Continued use of the Services after changes take effect constitutes your acceptance of the updated policy.

13. Contact Us

For privacy inquiries or to exercise your rights, please contact us through the support channels available on our website at www.quantinal.ai.

If you believe your privacy rights have not been adequately addressed, you may have the right to lodge a complaint with your local data protection authority.