1) Data we collect
1.1 Data you provide directly
- Account & identity: name, username, email, password, phone.
- Profile & preferences: language, time zone, watchlists, saved screens.
- Payments & billing: cardholder name, billing address, payment tokens from our PCI-compliant processors, VAT/Tax IDs.
- Compliance (KYC/AML): date of birth, government ID, residency, source-of-funds (where required by law or by a partnered broker).
- Support & communications: contact forms, emails, chat messages, survey responses.
- Recruiting: CV/résumé, cover letters, interview notes (for applicants).
1.2 Data collected automatically
- Usage & device data: IP address, identifiers, browser/OS, device model, pages viewed, features used, referral URLs, timestamps.
- Approximate location: inferred from IP (city/region level).
- Cookies & similar tech: cookies, local storage, pixels, SDKs for authentication, preferences, analytics, fraud prevention, and marketing (see Cookies).
1.3 Data from third parties
- Payment processors: payment status, limited card metadata, chargeback info.
- Brokers/Exchanges you connect: account identifiers, balances, positions, order history (only with your authorization).
- Marketing & attribution partners: campaign and conversion data.
- Public & enterprise sources: business contact info where lawful.
2) Why we use your data (purposes & legal bases)
| Purpose |
Examples |
Legal basis (EEA/UK) |
| Provide & secure the Services |
Account creation, session management, troubleshooting, fraud/abuse prevention |
Contract; Legitimate interests; Legal obligation |
| Payments & subscriptions |
Billing, invoicing, tax, refunds |
Contract; Legal obligation |
| Compliance |
KYC/AML, sanctions screening, recordkeeping |
Legal obligation; Public interest |
| Improve & personalize |
Analytics, feature development, personalization |
Legitimate interests; Consent (where required) |
| Marketing & communications |
Service updates, offers, newsletters |
Consent; Legitimate interests (soft opt-in) |
| Integrations you enable |
Broker/exchange connections, APIs |
Contract; Consent |
| Recruitment |
Evaluate candidates |
Legitimate interests; Contract (pre-contractual steps) |
You may withdraw consent at any time (this will not affect processing that has already occurred).
3) How we share information
We do not sell personal data. We share only as needed:
- Service providers/Processors: hosting (cloud), email/SMS, support, analytics, security/fraud tools, payment processors.
- Financial/Compliance partners: KYC/AML vendors, brokers/exchanges you choose to connect.
- Professional advisors: auditors, lawyers, accountants.
- Corporate transactions: merger, acquisition, or asset sale (we’ll notify you where required).
- Legal: to comply with law, enforce terms, and protect rights, security, and users.
All processors are bound by contracts requiring confidentiality, security, and processing only per our instructions.
4) International transfers
We may transfer data to countries outside your own (e.g., to the US, EU, UK, or other regions). Where required, we use appropriate safeguards such as Standard Contractual Clauses (SCCs), the UK IDTA/Addendum, and additional measures.
5) Retention
- Account data: for your active account and a reasonable period after closure.
- Transaction & compliance records: up to 7–10 years (varies by law).
- Marketing preferences: until you opt out or your account is deleted.
We anonymize or securely delete data when no longer needed.
6) Security
We use administrative, technical, and physical safeguards, including encryption in transit, access controls, least-privilege, logging/monitoring, and regular assessments. No system is 100% secure; please use strong, unique passwords and enable any available multi-factor authentication.
7) Your rights
EEA/UK and similar jurisdictions
You may have the right to access, rectify, erase, restrict or object to processing, port data, and not be subject to decisions based solely on automated processing that produce legal or similarly significant effects. To exercise: email privacy@quantum-zherx.com. You can also complain to your local supervisory authority.
California (CPRA)
Residents can request know/access, delete, correct, and limit use/disclosure of Sensitive Personal Information; and opt out of sharing for cross-context behavioral advertising. We do not sell personal information. To submit a verifiable request: privacy@quantum-zherx.com. Authorized agent requests are supported.
Marketing choices
- Use unsubscribe links in emails; reply STOP for SMS.
- Manage cookies (see Cookies).
- Adjust in-product preferences where available.
8) Cookies & similar technologies (summary)
- Strictly necessary: login, load balancing, security.
- Functional: preferences, language, theme.
- Analytics: traffic and feature usage (aggregated).
- Marketing/Attribution: campaign performance, conversion measurement.
You can manage cookies via our banner, settings page, and your browser. Some features may not work without certain cookies. For details, see our Cookie Notice.
9) Children
Our Services are not directed to children under 18 (or the age of majority where you live). We do not knowingly collect data from children. If you believe a child provided data, contact us to delete it.
10) Automated decision-making & profiling
We may use limited automation (e.g., fraud signals, anomaly detection, personalized content). We do not make decisions that produce legal or similarly significant effects without human intervention.
11) Third-party links & integrations
Our Services may link to third-party sites or allow connections to brokers/exchanges you select. Their privacy practices govern those services; review them carefully.
12) Changes to this policy
We may update this Policy periodically. We’ll post the new version with a new “Effective date” and, where required, notify you via email or in-product notice.