Security & Privacy

No. QuantCyphr has never sold user data to third parties and never will. This is stated explicitly in our Privacy Policy and Terms of Service. Your trading journal entries, performance data, voice transcripts, and analysis results are private and confidential. We do not sell, rent, or share your data with advertisers, data brokers, or third-party marketers. The only third parties who process your data are essential service providers under strict Data Processing Agreements: payment processing (Stripe), cloud infrastructure (enterprise-grade SOC 2 Type II certified providers), and AI processing (with contractual prohibitions against training on your data). We are a subscription-based platform - our revenue comes from you, not from selling your data.

No. QuantCyphr has explicit contractual agreements with all AI providers (including those powering Vera AI) that prohibit using your data for model training, product development, or any purpose beyond processing your immediate requests. Your journal entries, voice transcripts, and trading data are processed ephemerally (in real-time) and are not retained by AI providers. We use enterprise-grade AI APIs with strict data isolation and zero-retention policies. Your data is used only to generate your DRC insights and is never fed back into model training pipelines.

Voice recordings are encrypted during transmission (TLS 1.3), transcribed in real-time, and immediately deleted after processing. QuantCyphr does not store your voice recordings. When you speak to Vera AI, your audio is encrypted and sent to our AI provider for transcription - the transcription is returned to you as text (your DRC), and the audio file is permanently deleted. We never save audio files to our servers or databases. You can verify this in our codebase - there is no audio storage infrastructure. Only the text transcription is saved as part of your DRC entry.

QuantCyphr uses military-grade encryption at every layer. Data in transit: TLS 1.3 encryption (HTTPS enforced across all services). Data at rest: AES-256 encryption for all database records. Database encryption: Transparent Data Encryption (TDE) provided by our SOC 2 Type II certified infrastructure provider. Voice recordings: Encrypted before transmission to AI providers (and then immediately deleted after transcription). Your data is encrypted both in motion (when transmitted over the internet) and at rest (when stored in databases).

QuantCyphr uses enterprise-grade cloud infrastructure with SOC 2 Type II certified data centers. Your data is stored in geographically redundant data centers with automated backups and 99.9% uptime SLA. We do not disclose the specific cloud provider or data center locations to prevent competitive intelligence leakage, but we guarantee: SOC 2 Type II certification, GDPR compliance (for EU users), and geographic redundancy. All providers undergo rigorous security audits and maintain industry-leading certifications.

No. QuantCyphr has never experienced a data breach since founding in 2021. We have a comprehensive incident response plan in place, 24/7 security monitoring and alerting, and forensic investigation procedures. In the event of a breach (which has not occurred), we are committed to: breach notification within 72 hours (GDPR compliance), full transparency about what data was affected, and immediate remediation. We take security seriously and invest heavily in infrastructure, audits, and monitoring to prevent breaches.

Yes. You have full control over your data. You can delete your account anytime from Account Settings. Upon deletion: your account is deactivated immediately, your data enters a 30-day grace period (in case you change your mind and want to restore), and after 30 days, all data is permanently deleted from our systems (including backups). Before deleting, you can export your full data set (CSV format) from the Analytics page. Once the 30-day grace period expires, your data is unrecoverable - we cannot restore deleted accounts.

QuantCyphr employees do not have routine access to your trading data. Access is restricted to: Support engineers (only when you explicitly request help with a technical issue and grant permission), Security auditors (only for security investigations with logged access), and Automated systems (no human review). We follow the principle of least privilege - employees only see data necessary for their role. All data access is logged and monitored. We require background checks, mandatory security training, and NDAs for all employees with potential data access. Your trading journal and performance data are private by default.