Privacy Policy

Effective date: October 1, 2025

Thank you for visiting Quantackle ("we," "us," or "our"). We build AI automation, data analytics, and related software/services. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our websites (including quantackle.com), apps, and services (collectively, the "Services").

Quick summary: We collect only what we need to operate and improve the Services, keep data secure, and give you control over your information. We do not sell your personal information.

1) Who we are & scope

• Controller: Quantackle (trading name).

• Contact: info@quantackle.com

• Postal address: [Insert registered business address]

• This Policy applies to all interactions with our Services, including demos, contact forms, newsletters, trials, and paid offerings.

If you use our Services on behalf of a business, you confirm you have authority to share data and accept this Policy for that business.

2) Information we collect

We collect the following categories of information:

A. Information you provide

• Account & profile data (e.g., name, email, phone, job title, company, password hashes).

• Content & uploads you submit (e.g., files, prompts, documents, messages, feedback, support requests).

• Billing data handled via payment processors (e.g., billing name, address, VAT/GST, last4, transaction IDs). We do not store full card numbers.

B. AI inputs & outputs

• Prompts, context, documents you submit to AI features, and AI-generated outputs. Depending on your settings and provider terms, these may be processed by third‑party model providers as processors to deliver results.

C. Automatic usage data

• Device & log data: IP address, device/browser type, language, timestamps, pages viewed, referrer/UTM, crash logs.

• Product analytics: feature usage, clickstream, performance metrics.

• Cookies & similar tech: identifiers to keep you logged in, remember preferences, measure traffic, and improve the product. See Section 8.

D. Information from third parties

• Integrations you connect (e.g., CRM, cloud drives, chat, analytics) may provide us data as authorized by you.

• Service providers (e.g., payment, fraud prevention) may share limited signals to help prevent abuse.

E. Sensitive data

• We do not seek to collect sensitive personal data (e.g., health, biometric, precise geolocation). Please do not submit it unless the Service specifically requests it and you have a lawful basis.

Children

• Our Services are not directed to children under 13 (or the age required by your jurisdiction). We do not knowingly collect data from children.

3) How we use information (purposes)

We use information to:

1. Provide the Services (core functions, customer support, account management).

2. Process AI requests and generate outputs you ask for.

3. Improve and secure the Services (troubleshooting, analytics, testing, monitoring, preventing abuse and fraud).

4. Communicate with you (service announcements, onboarding, critical updates). With consent or as permitted, we may send marketing communications which you can opt out of anytime.

5. Comply with law (tax, accounting, legal obligations) and enforce agreements.

Legal bases (EEA/UK/Thailand PDPA): consent, contract performance, legitimate interests (e.g., product improvement, security), legal obligation, and—where applicable—vital/public interest.

4) AI & automated decision-making disclosures

• We may use third‑party AI model providers to process your prompts and documents as processors acting on our instructions. We contractually require them to protect confidentiality and security.

• We do not use your prompts/outputs to train our or third‑party foundation models unless you explicitly opt in or enable a feature that says so.

• Certain features may involve automated scoring, categorization, or recommendations. You can contact us to request human review of decisions that produce legal or similarly significant effects, where required by law.

5) Sharing and disclosure

We share information only as needed:

• Service providers / processors (hosting, analytics, logging, email/SMS, payments, AI model inference, support). Examples may include: cloud platforms, email delivery tools, observability/logging, product analytics, payment processors, and AI inference APIs. We require processors to protect your data and use it only for our instructions.

• Enterprise customers / workspace admins (if you use an organizational account): admins may have visibility into usage and content consistent with your organization’s policies.

• Legal & safety (to comply with applicable law, lawful requests, prevent harm or fraud, protect rights, or enforce terms).

• Business transfers (merger, acquisition, financing, or sale of assets). We will notify you where required.

We do not sell personal information. We do not share personal information for cross‑context behavioral advertising without your consent.

6) International data transfers

We may process and store information in countries other than yours. Where required, we use appropriate safeguards (e.g., Standard Contractual Clauses) and assess local laws. You can request a copy of relevant transfer mechanisms.

7) Data retention

We keep personal data only as long as necessary for the purposes above, and as required by law. Retention periods vary by data type (e.g., billing records vs. session logs). We delete or anonymize data when no longer needed.

8) Cookies & similar technologies

We use cookies and similar technologies to:

• Keep you signed in and remember preferences.

• Measure traffic, performance, and product usage.

• Support security and fraud prevention.

Your choices: You can manage cookies in your browser settings and, where implemented, via our cookie banner/controls. Disabling certain cookies may affect site functionality.

9) Your rights & choices

Depending on your location, you may have rights to:

• Access/know what personal data we hold.

• Correct inaccurate data.

• Delete/erase your data.

• Portability (receive a copy in a portable format).

• Object to or restrict certain processing (e.g., marketing, legitimate interests).

• Withdraw consent at any time where processing is based on consent.

How to exercise: Email us at info@quantackle.com. We may ask for verification and will respond within the time required by law. If you’re in the EEA/UK/Thailand/California, you also have the right to lodge a complaint with your data protection authority.

California (CPRA): We do not sell personal information. Where applicable, you can exercise rights to know/access, correct, delete, opt out of sharing for cross‑context behavioral advertising, and limit use of sensitive information.

10) Security

We use administrative, technical, and physical safeguards appropriate to the risk (e.g., encryption in transit, access controls, monitoring). No method of transmission or storage is 100% secure. If we discover a breach affecting your data, we will notify you as required by law.

11) Third‑party links & integrations

Our Services may contain links to third‑party sites and integrations. Their privacy practices are governed by their own policies. Please review them—especially for tools you connect to Quantackle.

12) Organization & enterprise features

If you use our Services with a business account, your organization’s administrator may control or access account data subject to their policies. We process such data as a processor on that organization’s instructions where applicable.

13) Contact us

• Email: info@quantackle.com

• Address: [Insert registered business address]

• Data protection contact / DPO (if applicable): [Insert DPO contact]

14) Changes to this Policy

We may update this Policy from time to time. We will post the updated version with a new "Effective date" and, if changes are material, we will provide additional notice as required.

Regional supplements

EEA/UK GDPR

• Controller: Quantackle.

• Legal bases: consent; contract; legitimate interests (product improvement, security, fraud prevention, internal analytics); legal obligation.

• Data transfers: We rely on appropriate safeguards such as SCCs; copies available on request.

• Representative (if required): [Insert EU/UK representative details].

Thailand PDPA

• Controller: Quantackle.

• Rights: access, rectification, data portability, objection, restriction, deletion, withdraw consent.

• Contact: info@quantackle.com

California (CPRA/CCPA)

• No sale of personal information.

• Right to know/access, correct, delete; right to opt‑out of sharing for cross‑context behavioral advertising; right to limit use of sensitive personal information.

Annex: Common processors & disclosures

• Hosting & infrastructure: AWS / Google Cloud / Azure / Hostinger (servers, storage, networking, CDN).

• AI inference: OpenAI / Google Vertex AI / Azure OpenAI (process prompts & documents to produce outputs; retention per provider settings; no training without opt‑in).

• Email/SMS/voice: SendGrid / Postmark / Mailgun / Twilio (transactional messages, OTPs, call/SMS features).

• Payments: Stripe / PayPal / Payoneer / Wise (billing, invoicing, tax).

• Analytics & monitoring: Google Analytics 4 / Plausible / PostHog / Sentry / Datadog / Logtail (usage metrics, errors, performance).

• CRM/Marketing: HubSpot / Salesforce / Make / Zapier / n8n (customer ops & automation).

For each processor, we limit data to what’s necessary, use DPAs, and implement transfer safeguards where required.