Privacy Policy

Last updated: 2026-05-24

This Privacy Policy describes how Quant Data Fetch("we") collects, uses, stores, shares and protects your personal information. We comply with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.

Data controller: the operator of Quant Data Fetch. Contact for privacy matters: support@quantdatafetch.com.

1. Information We Collect

We collect only the minimum necessary information to provide and improve the Service.

• Email address — used as your account identifier and to deliver verification-code sign-in emails;
• Device fingerprint — a hash of stable hardware identifiers used to enforce the 2-device limit per license; cannot be reversed to identify individuals;
• Sign-in IP and approximate city — for security audit, anomaly detection, and unusual-location alerts;
• Order and payment metadata — order number, amount, currency, status, timestamps. Card details are processed by Stripe and never reach our servers;
• Client diagnostic logs (when you opt in by attaching them to a support email) — anonymized stack traces and feature usage counters.

We do not collect:

• Browsing history outside our website;
• Contact lists, photos, or files on your device;
• Biometric data;
• Information about minors known to us to be under 16.

2. How We Use Information

We use the information collected to:

• Provide the Service: authenticate sign-ins, validate licenses, manage devices;
• Process payments and issue receipts;
• Send service notifications, sign-in alerts, and security warnings;
• Detect and prevent fraud, abuse, and unauthorized scraping;
• Improve performance, stability, and feature quality (using anonymized data).

We do not use your personal data for behavioral advertising and we do not sell it.

3. Lawful Basis for Processing (GDPR Article 6)

• Contract performance — sign-in, license validation, payments;
• Legal obligation — tax / accounting record retention;
• Legitimate interest — fraud prevention, security monitoring, service improvement;
• Consent — optional marketing emails (opt-in only).

4. Sharing

We share data only with vendors strictly necessary to operate the Service, all of whom are bound by data processing agreements meeting GDPR / CCPA standards:

• Stripe, Inc. — payment processing (PCI DSS Level 1);
• Resend, Inc. — transactional email delivery;
• Cloud infrastructure providers — hosting (data stored in the region you sign up from);
• Cloudflare — DDoS protection, CDN, and bot mitigation;
• Regulators and law enforcement — only when required by a valid legal order in our operating jurisdiction.

5. International Data Transfers

Where data is transferred outside your region, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission or equivalent legal mechanisms.

6. Retention

• Active accounts — retained while the account is in use;
• Deleted accounts — personal information anonymized within 30 days; order records retained for 5-7 years as required by tax / accounting law (de-linked from identifying information);
• Audit logs — 12 months;
• Aggregate / anonymized analytics — indefinite.

7. Security

• All connections to our services use HTTPS (TLS 1.2 or higher);
• Passwords are not used (single-use email verification codes only);
• JWTs are signed with RSA-2048;
• Secrets are encrypted at rest;
• Access to production data is limited and audited.

No system is perfectly secure. In the event of a data breach affecting your personal information, we will notify you within 72 hours of discovery, as required by GDPR Article 33.

8. Your Rights

Under GDPR, CCPA, and similar laws you have the right to:

• Access the personal data we hold about you;
• Rectification of inaccurate data;
• Erasure(the "right to be forgotten") — available from the Delete Account page or by email request;
• Restriction or objection to certain processing;
• Data portability — receive your data in a machine-readable format;
• Opt-out of sale (CCPA) — we do not sell personal information, so this is automatically satisfied;
• Withdraw consent at any time, where processing is based on consent.

To exercise any of these rights, email support@quantdatafetch.com. We will respond within 30 days (extendable by another 60 days for complex requests, as permitted by GDPR Article 12).

9. Cookies and Local Storage

Our website uses strictly necessary cookies and localStorage only: an authentication token to keep you signed in, and a session-scoped flag to remember if you dismissed the promo banner. We do not use third-party tracking cookies or analytics that profile individual users.

10. Children

The Service is not directed to children under 16. If we learn that we have inadvertently collected personal information from a child under 16, we will delete it promptly.

11. Contact and Complaints

Questions about this Policy or to exercise your rights, email support@quantdatafetch.com. We aim to respond as quickly as possible.

You also have the right to lodge a complaint with your local data protection authority (in the EU/EEA), the relevant state Attorney General (in the US), or any other competent supervisory authority.

12. Changes to This Policy

We may update this Policy from time to time. Material changes will be notified by email and posted on this page with a new "Last updated" date.