Privacy Policy

QuantCypher

Last Updated: December 20, 2025

1. Introduction

QuantCypher ("we", "us") respects your privacy. This Privacy Policy explains how we collect, use, and protect your information when you use our SaaS platform, including our Daily Report Card and AI guidance services.

1.5. Notice at Collection (California Residents)

Before we collect your personal information, California law requires us to inform you:

At Account Registration:

  • We collect: Name, email, password
  • Purpose: Create your account and provide the Service
  • Retention: Duration of subscription + 30 days after deletion

Voice-to-Text Processing:

  • We process (not store): Audio spoken into microphone
  • We store: Text transcription generated by AI
  • Purpose: Convert spoken trading journals into text
  • Retention: Text transcriptions follow journal retention schedule
  • Sharing: Audio transmitted to Google Gemini API for real-time processing only
  • Audio storage: None - discarded immediately after transcription

Automatically Collected:

  • We collect: Usage data (features used, login times), cookies
  • Purpose: Improve service, analytics, security
  • Retention: 2 years for identifiable data

For complete details, see our full Privacy Policy sections below.

2. Information We Collect

  • a. Account Information: Name, email address, and password when you register.
  • b. User Content: Trading journals (text), notes, screenshots, and images you upload.

    Voice-to-Text Processing:

    When you use voice-to-text transcription, your audio is processed in real-time by AI providers (Google Gemini API) and immediately discarded. We only store the resulting text transcription, not the audio recording. The audio exists only temporarily during the API call and is never saved to our servers or databases.

  • c. Usage Data: Information on how you interact with the software (e.g., features used, login times).

3. How We Use Your Information

We use your data for the following purposes:

  • To provide the Service (e.g., transcribing your audio files into text).
  • To generate AI-driven market insights based on your specific inputs.
  • To improve our algorithms and user experience.
  • To communicate with you regarding your account or updates.

4. AI and Third-Party Processing

To provide our services, we may transmit your input data (such as audio transcripts or journal text) to third-party Artificial Intelligence providers (e.g., OpenAI, Anthropic, Google) via secure APIs.

We do not allow these third-party providers to use your data to train their general public models.

Data is processed solely to generate the response/transcription for you. Voice audio is processed in real-time and immediately discarded - we never store audio recordings.

5. Data Retention

We retain your data according to the following specific schedules:

Account Information (email, name, password hash):

  • Active accounts: Duration of subscription
  • After account deletion: 30 days for recovery, then permanent deletion
  • Email addresses for anti-spam purposes: 2 years after deletion

Text Transcriptions & Journal Entries:

  • Active users: Duration of subscription
  • After account deletion: 30-day grace period or immediate deletion (user choice)
  • Anonymized/aggregated data: May be retained indefinitely for product improvement

Screenshots/Images:

  • Active users: Duration of subscription
  • After deletion: 30-day grace period, then permanent deletion

Usage Analytics:

  • Identifiable analytics: 2 years maximum
  • Anonymized analytics: Indefinitely

Payment Records (via Stripe):

  • Billing history: 7 years (financial/tax compliance)
  • Note: Credit card details are never stored by us (handled by Stripe)

Backup Data:

  • Deleted data is purged from backups within 90 days

Voice Audio Processing:

Audio from voice-to-text is NOT stored. It is processed in real-time by Google Gemini API and immediately discarded. Retention: 0 seconds (ephemeral processing only).

Your Deletion Rights

You may request deletion of your data at any time by contacting support@quantcypher.com or deleting your account in Settings. We will process deletion requests within 30 days (GDPR) or 45 days (CCPA).

6. Data Security

We implement industry-standard security measures to protect your data. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

Data Breach Notification

In the unlikely event of a data breach affecting your personal information, we will notify you and relevant authorities as required by law. Notification will be provided without undue delay, typically within 72 hours of discovery (GDPR) or as required by applicable state laws.

Notification will include: (1) Nature of the breach, (2) Types of data affected, (3) Steps we are taking to address the breach, (4) Steps you can take to protect yourself.

We maintain an incident response plan and conduct regular security audits to minimize risk.

7. Sharing of Information

We do not sell your personal data. We may share information with:

  • Service Providers: Hosting, payment processing, and AI API providers necessary to run the app.
  • Legal Obligations: If required by law or to protect our rights.

8. Your Rights

Depending on your location, you may have the right to access, correct, or delete your personal data. Contact us at support@quantcypher.com to exercise these rights.

9. GDPR Rights (For European Economic Area Users)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

Legal Basis for Processing:

  • Consent: Voice-to-text processing (transient), marketing communications
  • Contractual Necessity: Account data required to provide the Service
  • Legitimate Interest: Fraud prevention, service improvement
  • Legal Obligation: Tax records, compliance with law

Your GDPR Rights:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate data
  • Right to Erasure ("Right to Be Forgotten"): Request deletion of your data
  • Right to Restriction: Limit how we process your data
  • Right to Data Portability: Receive your data in machine-readable format
  • Right to Object: Object to processing based on legitimate interest
  • Right to Withdraw Consent: Withdraw consent at any time (doesn't affect prior processing)
  • Automated Decision-Making: Right to human review of AI-generated decisions that significantly affect you

How to Exercise Your Rights

Contact privacy@quantcypher.com or support@quantcypher.com. We will respond within 30 days.

Right to Complain:

You have the right to lodge a complaint with your local supervisory authority (Data Protection Authority) if you believe we are not complying with GDPR.

Data Protection Officer:

For GDPR-related inquiries, contact privacy@quantcypher.com

International Data Transfers:

If we transfer your data from the EEA to the United States, we use Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate protection.

10. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Categories of Personal Information We Collect (Last 12 Months):

  • Identifiers (name, email, account ID)
  • User-generated content (trading journals - text only, notes, images)
  • Commercial information (subscription tier, payment history)
  • Internet/network activity (usage data, login times)
  • Audio (processed in real-time, not stored - transient processing only)

Sources of Personal Information:

  • Directly from you (account registration, uploads, voice input)
  • Automatically (usage analytics, cookies)
  • From payment processors (Stripe - transaction confirmations)

Business/Commercial Purposes:

  • Providing the Service (voice-to-text transcription, AI analysis)
  • Account management and customer support
  • Improving our algorithms and user experience
  • Fraud prevention and security
  • Legal compliance

Categories of Third Parties We Share With:

  • AI service providers (Google Gemini API - for voice-to-text transcription only)
  • Cloud hosting providers (Supabase, Vercel)
  • Payment processors (Stripe)
  • Analytics providers (if applicable)

Sale or Sharing of Personal Information

We do NOT sell your personal information. We do NOT share your personal information for cross-context behavioral advertising.

Sensitive Personal Information:

Audio processed during voice-to-text may constitute sensitive personal information. However, we do not store audio - it is processed in real-time and immediately discarded. We only use audio for the sole purpose of providing transcription services during the API call.

Your California Rights:

  • Right to Know: Request disclosure of personal information collected, used, or disclosed
  • Right to Delete: Request deletion of your personal information
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Opt-Out: Opt-out of sale/sharing of personal information (we don't sell/share)
  • Right to Limit Use of Sensitive Information: Limit use of sensitive data to necessary purposes
  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights

How to Exercise Your Rights

Email support@quantcypher.com with subject line "California Privacy Request" or use the contact form. We will verify your identity and respond within 45 days.

Authorized Agents: You may designate an authorized agent to make requests on your behalf. The agent must provide proof of authorization.

11. Cookies and Tracking Technologies

We use cookies and similar technologies to improve your experience:

Essential Cookies:

  • Authentication (keeps you logged in)
  • Security (prevents unauthorized access)
  • These cannot be disabled without affecting functionality

Analytics Cookies:

  • Usage analytics (which features are used most)
  • Performance monitoring
  • You can opt-out of analytics cookies

Cookie Duration:

  • Session cookies: Deleted when you close browser
  • Persistent cookies: Stored for up to 12 months

How to Manage Cookies

Browser settings allow you to block or delete cookies. Note: Disabling essential cookies may prevent login. For EU users: You will see a cookie consent banner on first visit. You can manage your preferences at any time.

Do Not Track:

Our website does not respond to "Do Not Track" browser signals. You can opt-out of analytics via Settings.

12. Children's Privacy

QuantCyphr is not intended for users under the age of 18. We do not knowingly collect personal information from anyone under 18 years old.

If you are under 18, do not:

  • Register for an account
  • Use the Service
  • Provide any personal information to us

If we become aware that we have collected personal information from someone under 18, we will delete that information immediately.

Parents/Guardians: If you believe your child has provided us with personal information, please contact support@quantcypher.com immediately.

13. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes by posting the new policy on this page.

Contact Us

General Inquiries

support@quantcypher.com

Privacy-Specific Inquiries

privacy@quantcypher.com

Subject Line: "Privacy Request - [Your Issue]"

GDPR Data Protection Officer

privacy@quantcypher.com

Subject Line: "GDPR Request"

California Privacy Requests (CCPA/CPRA)

support@quantcypher.com

Subject Line: "California Privacy Request"

Response Times:

  • General inquiries: 3-5 business days
  • Privacy requests: 30 days (GDPR) or 45 days (CCPA)
  • Data breach notifications: Within 72 hours of discovery