Privacy Policy

This privacy policy describes how Quant Auras ("we", "us", "our") collects, uses, and protects personal data when you use our financial-analytics platform.

We act as the data controller for the personal data processed under this policy and comply with the Saudi Personal Data Protection Law (PDPL), the EU General Data Protection Regulation (GDPR), and other applicable privacy laws.

We collect only the data necessary to operate the service:

• Account data — name, email address, country, password hash.
• Authentication data — session tokens, sign-in timestamps, sign-in IP (logged for security).
• Subscription data — billing email, subscription tier, payment status (full card data is held by Stripe, never by us).
• Usage data — pages visited, features used, search terms, watchlist contents (used to operate and improve the product).
• Device and browser data — user agent, screen size, language preference (used for telemetry and accessibility).

We process your personal data to:

• Provide the platform and its features (account, watchlist, screeners, alerts).
• Authenticate you and protect your account from unauthorised access.
• Process payments and manage subscriptions.
• Send essential service emails (sign-in confirmation, password reset, billing).
• Send marketing communications only with your explicit consent (which you can withdraw at any time).
• Detect, investigate, and prevent fraud, abuse, and security incidents.
• Comply with legal obligations and respond to lawful requests.

Under GDPR/PDPL we process personal data based on:

• Contract — to deliver the service you signed up for.
• Legitimate interests — to secure the platform, prevent fraud, and improve the product.
• Consent — for marketing communications and non-essential cookies.
• Legal obligation — to comply with tax, accounting, and law-enforcement requirements.

We never sell your personal data. We share it only with:

• Stripe — payment processing.
• AWS (Amazon Web Services) — infrastructure hosting in the United States and the European Union.
• Financial Modeling Prep — market-data licensing partner; no personal data is sent to FMP.
• Google — for Sign-In identity verification when you opt in.
• Law-enforcement agencies — only when compelled by valid legal process.

Your data may be transferred to, and processed in, countries other than your country of residence — primarily the United States and the European Union — under appropriate safeguards (Standard Contractual Clauses where required).

We retain personal data only as long as needed:

• Account data — for the lifetime of your account, plus 30 days after deletion.
• Billing records — 7 years (legal requirement).
• Authentication logs — 90 days.
• Usage analytics — aggregated and anonymised after 12 months.
• Backup snapshots — up to 35 days, then permanently overwritten.

Under GDPR, PDPL, and similar regulations you have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data.
• Request deletion (right to be forgotten).
• Restrict or object to processing.
• Data portability — receive a machine-readable export.
• Withdraw consent for marketing or non-essential cookies at any time.
• Lodge a complaint with your local data-protection authority.

We use a small number of cookies — broken into three categories. The cookie banner lets you opt in or out of analytics and marketing categories; necessary cookies (authentication, CSRF protection) cannot be disabled because the service won't function without them.

We protect your data with TLS 1.2+ in transit, AES-256 at rest, Argon2 password hashing, short-lived JWTs, and audited cloud-provider controls. See our Security page for the full overview.

Quant Auras is not directed at children under 16 and we do not knowingly collect personal data from anyone under that age.

We will notify you by email at least 30 days before any material change to this policy takes effect.

Privacy enquiries: privacy@quantauras.com.

Data protection officer: dpo@quantauras.com.