QuantaTradeAI (“Company,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy describes how we collect, use, share, and protect your personal information when you use the QuantaTradeAI platform, website, and services (collectively, the “Services”). By using our Services, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Services.

GDPR Compliance and User Consent

We comply with the European Union’s General Data Protection Regulation (GDPR) and applicable privacy laws. If you are located in the EU or EEA, we will implement explicit consent mechanisms for processing your personal data. This includes clear opt-in confirmations for things like account registration, marketing communications, and cookie usage. You have the right to withdraw consent at any time. We will not process sensitive personal data without your explicit consent, except as allowed by law or necessary for providing the Services (for example, for fraud prevention or compliance obligations).

• Legal Basis for Processing: We only collect and process personal data when we have a lawful basis to do so under GDPR and other laws. The legal bases include: your consent, the necessity to perform a contract (e.g., our Terms of Service) or provide the Services you request, compliance with legal obligations (such as anti-money laundering laws), and our legitimate interests (such as improving our Services and ensuring security) balanced with your data protection rights.
• Opt-In for EU Users: Users from the EU will be presented with clear opt-in choices for any data processing that is not strictly necessary for providing the Service. For example, you may be asked to tick a box agreeing to our terms and privacy policy, or to opt-in to marketing emails. We maintain records of consents as required by GDPR. We also provide cookie consent banners on our websites for EU users, allowing you to accept or reject non-essential cookies.

Information We Collect

We collect several categories of information from you to provide and improve our Services, to fulfill legal requirements (such as Know Your Customer and Anti-Money Laundering regulations), and to ensure the functionality and security of our platform. The types of information we may collect include:

• Personal Identification Information: Information you provide during account registration and KYC verification. This includes your full name, date of birth, nationality, residential address, email address, phone number, and any government-issued identification numbers (such as passport or driver’s license numbers). We may also collect copies of identification documents (ID card, passport) and proof of address (utility bills, bank statements) as required by KYC/AML laws.
• Identity Verification Data: As part of our KYC process for retail users, we may collect biometric data such as a facial photograph or video for face recognition and liveness detection. This is used solely to verify that you are a real person and that your ID documentation is authentic and belongs to you. For institutional clients or high-net-worth individuals, we collect corporate documentation (e.g. certificates of incorporation, trust deeds) and information about directors, officers, and ultimate beneficial owners.
• Financial and Account Information: Information related to your use of our trading and investment Services. For example, if you connect external exchange accounts via API, we collect API keys, secrets, or tokens that allow our platform to execute trades on your behalf. We also collect information about your linked cryptocurrency addresses or accounts, transaction history, trading preferences, and balances on our platform. If you use our fiat on-ramp or off-ramp services, we collect bank account details or payment card information needed to process those transactions.
• Transaction and Usage Data: Details of the trades and transactions you execute using our Services, including timestamps, trade size, assets involved, and outcomes. We also record logs of your interactions with our platform (e.g., login times, device information, IP addresses, and other usage details) for security, troubleshooting, and analytics.
• Payment Information: If you purchase a subscription or pay fees, our third-party payment processors will collect payment details such as your credit/debit card number or bank account information. We do not store full payment card details on our systems; however, we may store references or tokens provided by the payment processor, as well as records of your subscription status and payment history.
• Communication Data: Copies of communications you send to us or post on our platform, such as customer support inquiries, feedback, or chat messages. These may be retained to address your requests and improve our Services.
• Cookies and Similar Technologies: When you use our website, we may use cookies and tracking technologies to remember your preferences and collect information about how you use our site (such as pages viewed, clicks, and scrolls). You have choices to control cookies through your browser settings and, where required by law, we will ask for your consent before using certain cookies.

We limit our collection to information that is relevant and necessary for the purposes described. You may choose not to provide certain personal information; however, this may limit your ability to use some of our Services (for instance, failing to complete KYC verification will prevent you from accessing trading features).

How We Use Your Information

• Providing and Enhancing Services: We use personal and financial information to create and manage your account, authenticate your identity during login, and enable the trading and investment features of our platform. For example, your API keys and exchange connection details are used to execute trades as per your instructions or automated strategy settings. We also use usage data and analytics to improve our AI trading algorithms, user interface, and overall service performance.
• Compliance and Verification: Your KYC information (ID documents, proofs of address, etc.) and identity verification data are used to comply with legal obligations regarding customer identification (KYC) and anti-money laundering (AML). We verify your information against third-party databases and use AI-based facial recognition to prevent identity fraud. We also use your information to conduct ongoing monitoring of transactions for signs of money laundering, fraud, or other illicit activity, as required by law.
• Communication: We use your contact information (email, phone) to send you service-related notifications such as account alerts, transaction confirmations, security verifications (including multi-factor authentication codes), and updates about changes to our terms or policies. With your consent, we may also send promotional communications, newsletters, or market updates. You can opt out of marketing emails at any time by using the unsubscribe link or contacting us.
• Payments and Subscription Management: We process your payment information to charge subscription fees or other fees owed for using the platform. For example, if you are on a paid monthly plan, our payment processor will charge your card or account on a recurring basis. We maintain records of your payments and subscription status. Payment information may also be used to detect and prevent fraudulent payments.
• Risk Management and Security: Information such as your trading patterns, device identifiers, and IP address may be used to detect suspicious behavior and to protect against unauthorized access to accounts. We use automated systems (including AI-driven risk management tools) to prevent treasury overexposure, detect anomalies in trading activity, and guard against market manipulation or excessive leverage usage on your account. These measures help maintain the security and stability of the platform for all users.
• Aggregate Analytics: We may anonymize or aggregate personal data so it no longer identifies you and use it for analytical purposes, such as measuring user engagement, performance metrics of our algorithms, and business improvements. For example, we might analyze aggregated trading data to understand market trends or user success rates, but without reference to specific individuals.
• Legal Obligations and Enforcement: In certain cases, we are legally obligated to use or disclose your information. This includes cooperating with regulators and law enforcement, complying with court orders or subpoenas, and fulfilling tax and reporting obligations. We also use personal information to enforce our own legal rights and agreements – for instance, to investigate potential violations of our Terms of Service, fraud, or security breaches. If you violate the Terms or engage in unlawful activity, we may use your information to take action (such as account suspension) and provide details to the appropriate authorities as required.

We do not use your personal data for any purpose that is incompatible with the purposes outlined above without first obtaining your consent. We do not sell your personal information to third-party marketers.

Data Sharing and International Transfers

We treat your personal information with care and confidentiality. However, in order to run our business and comply with laws, we sometimes need to share information with third parties or transfer it across international borders:

• Service Providers: We may share necessary personal information with trusted third-party service providers who perform services on our behalf. This includes identity verification services (for KYC/AML checks and facial recognition), payment processors (to handle subscription billing and fiat transactions), secure cloud hosting providers, data analytics services, customer support tools, and email/SMS delivery services. These providers are contractually obligated to protect your data and use it only for the purposes of providing services to QuantaTradeAI.
• Exchange and Banking Partners: If you connect external exchange accounts or use our bank transfer features, we share data as needed with those third parties. For example, if you link a crypto exchange via API, our system will communicate with that exchange using your API credentials to get balances and execute trades on your behalf. Similarly, if you deposit or withdraw via a banking partner (SEPA, SWIFT, ACH), we will exchange necessary information with those financial institutions to facilitate the transaction (such as your name, account number, and transaction details). All such partners are required to have appropriate security and compliance measures in place.
• Corporate Affiliates: If QuantaTradeAI is part of a corporate group, we may share your information with our parent company, subsidiaries, or affiliates for purposes consistent with this Privacy Policy (for example, internal administration, platform enhancements, or consolidated regulatory compliance functions). Any such affiliates will honor the commitments made in this policy.
• Legal and Regulatory Disclosure: We may disclose your information to government authorities, regulators, or law enforcement if required by law or if we, in good faith, believe such action is necessary to (a) comply with a legal obligation (such as responding to a lawful subpoena or court order), (b) protect our rights or property, (c) prevent fraud or abuse of our platform, or (d) protect the safety of our users or the public. For instance, as a financial services platform, we may be required to share customer information with financial regulators or financial intelligence units upon request.
• Business Transfers: If QuantaTradeAI is involved in a merger, acquisition, sale of assets, bankruptcy, or reorganization, your personal data may be transferred to the successor or acquiring entity as part of that transaction. We will ensure that any such entity is bound to respect your personal data in a manner consistent with this policy. We will notify you of any change of ownership or control of your personal information either through the website or via email.

Because we operate internationally, the recipients mentioned above may be located outside of your home jurisdiction. Specifically, if you are an EU/EEA resident, your personal data may be transferred to countries that the European Commission has not determined to have an adequate level of data protection (for example, to the United States). In such cases, we take additional measures required by GDPR to protect your data, such as entering into EU Standard Contractual Clauses with the receiving party or ensuring the entity is Privacy Shield certified (if in the US, where applicable). We also implement technical safeguards like encryption to protect data in transit. You can contact us to learn more about the safeguards we have in place for international transfers of personal data.

Data Retention and Deletion

We retain your personal information only for as long as necessary to fulfill the purposes we collected it for, including for legal, accounting, or reporting requirements.

• Retention Periods: In general, we will keep your account information and data while your account is active. After you close your account or cease using our Services, we may retain your data for a certain period. For example, financial regulations and AML laws often require us to retain KYC information and transaction records for a minimum period (commonly 5 to 7 years) after the end of the customer relationship. We also retain data as needed to resolve disputes, enforce our agreements, or comply with tax and other legal obligations.
• Right to Deletion: We support your right to be forgotten in accordance with GDPR and other applicable laws. You may request that we delete your personal data from our systems at any time. Upon receiving a verified deletion request, we will delete or anonymize your personal information within a reasonable timeframe (generally within 30 days), provided that we are not legally required or have legitimate grounds to retain it. Please note that certain data cannot be deleted on request if we must keep it for legal compliance (e.g., records of transactions and identity verification already performed, which we may need to retain to satisfy anti-money laundering regulations or respond to law enforcement inquiries). We will inform you if such an exception applies when you make a deletion request.
• Deletion Process: To request deletion of your data, you should contact us at the email or physical address provided in this policy (see “Contact Us” section below). For security, we may ask you to verify your identity before processing the request. Once your request is confirmed and applicable, we will remove your personal data from our active databases and put your account in a deletion queue. Backup or archival copies might be retained for a short period until their normal retention cycle is completed, but they will be securely isolated and eventually deleted as well.
• Blockchain Data: If any aspect of our Service uses blockchain technology (for example, recording transactions or trades on a public blockchain), understand that we cannot edit or erase data that is stored on an immutable blockchain. For instance, if you participated in transactions that are recorded on Ethereum or another public ledger, those records cannot be altered or removed by us. However, any off-chain personal data we control about those transactions can be deleted upon request as described above. We do not record unnecessary personal details on any blockchain; personal data is kept off-chain in our secure databases.

After the retention period expires or your deletion request is fulfilled, we will securely dispose of or anonymize your data so that it can no longer be associated with you. Anonymized aggregate data (which is no longer personally identifiable) may be retained indefinitely for analytics and business purposes.

Security Measures

We take the security of your data very seriously and implement a range of technical and organizational measures to protect it against unauthorized access, loss, misuse, or alteration. These measures include:

• Encryption: Sensitive data (such as passwords, API keys, and personal identification details) is encrypted both in transit and at rest. Our websites use HTTPS/TLS encryption to ensure data is securely transmitted between your device and our servers. Critical secrets and keys are stored using strong encryption algorithms in secure environments.
• Access Controls: Access to personal data within our organization is restricted on a need-to-know basis. Only authorized personnel with background checks and training in data protection are allowed to handle KYC information or critical account data. Administrative access to our systems requires multi-factor authentication and is logged and audited. We segregate duties among team members so that no single person can perform sensitive actions (for example, fund transfers) without oversight.
• Account Security Features: We offer and strongly encourage the use of two-factor authentication (2FA) on user accounts to add an extra layer of security. Additionally, we monitor login attempts and will notify you of any suspicious login activity or new device access to your account. If we detect unusual patterns (e.g., login from a new country or rapid transactions atypical for your profile), we may temporarily lock the account and request additional verification.
• Smart Contract and Funds Security: If you utilize our cryptocurrency treasury or automated trading features, know that any on-chain smart contracts handling user funds are thoroughly audited and secured. We use multi-signature (“multi-sig”) approval processes for any movements of funds from our treasury or wallets, meaning no single individual can unilaterally transfer assets without secondary approvals. Reputable third-party security firms (such as CertiK, OpenZeppelin, or ChainSecurity) conduct audits of our smart contracts and platform code to identify and fix vulnerabilities before deployment. We also employ continuous automated AI risk monitoring that can detect anomalies in trading activity or fund allocations, helping to prevent treasury overexposure and mitigate losses in volatile market conditions.
• Infrastructure Security: Our servers are protected by firewalls, network segmentation, and intrusion detection systems. We keep all software and dependencies up to date with the latest security patches. Regular vulnerability scans and penetration tests are performed on our systems. Data centers hosting our servers employ robust physical security, including 24/7 monitoring, access controls, and redundancy to protect against outages.
• Third-Party Audits & Certifications: From time to time, we engage independent security auditors to review our systems and processes. We also comply with any security standards or regulatory requirements relevant to our operations. For example, if we process credit card payments, we adhere to PCI-DSS standards for handling payment data. While no system can be 100% secure, we strive to follow industry best practices (and even pioneer new ones via AI risk management) to safeguard your information.

Despite our strict security protocols, it’s important to note that no method of electronic storage or transmission over the internet is completely foolproof. We cannot guarantee absolute security of your data. You also play a role in security: please protect your account credentials, use a strong unique password, enable 2FA, and notify us immediately if you suspect any unauthorized access to your account. We will promptly inform you and the appropriate authorities of any data breach that involves your personal data, as required by law.

Your Rights and Choices

Depending on your jurisdiction, you have certain rights over your personal data. QuantaTradeAI is committed to honoring these rights and providing you with control over your information:

• Access and Rectification: You may request a copy of the personal data we hold about you, and you have the right to correct or update any inaccuracies. Most of your basic account information can be reviewed and edited at any time by logging into your account settings. For any details not accessible online, contact us to exercise your access right. We will provide the information free of charge within the time frame required by law (typically within 30 days). If any data is incorrect or outdated, you can ask us to correct it, and we will do so promptly.
• Deletion: As noted in the Data Retention section above, you may ask us to delete your personal data. See “Data Retention and Deletion” for details on how we handle those requests and the exceptions that may apply.
• Objection and Restriction: You have the right to object to certain processing of your data, such as for direct marketing or if you believe our processing is based on a legitimate interest that isn’t sufficiently justified. You can also request that we temporarily restrict processing of your data (for instance, while we verify an accuracy claim or an objection you raised). We will honor such requests where required by applicable law.
• Data Portability: Where applicable (e.g., under GDPR), you have the right to receive your personal data that you provided to us in a structured, commonly used and machine-readable format, and you have the right to transmit that data to another service provider. For example, we can provide a CSV or JSON file of certain account data upon request. This right applies when processing is carried out by automated means and is based on your consent or on a contract.
• Withdraw Consent: If we rely on your consent to process any personal data, you have the right to withdraw that consent at any time. For example, you can opt out of marketing emails by clicking “unsubscribe,” or disable certain data collection by adjusting your account settings or browser options (such as opting out of analytics cookies). Withdrawal of consent will not affect the lawfulness of any processing done prior to such withdrawal.
• Complaints: If you have concerns about how we are handling your personal data, please let us know so we can address them. If you are not satisfied with our response, you may have the right to lodge a complaint with your local data protection supervisory authority. For EU users, this is typically the authority in the country of your residence or where our business is established. We will provide details of the relevant authority upon request.

We will not discriminate against you for exercising any of these rights. Some rights may be subject to certain exceptions or limitations under law. When you contact us to exercise a privacy right, we may need to verify your identity to ensure we don’t disclose or modify information for the wrong person. This is for your security.

Children’s Privacy

Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you are under 18, please do not attempt to use our platform or send any personal data to us. If we learn that we have inadvertently collected personal information from a minor under 18, we will take steps to delete that information as soon as possible. Parents or guardians who become aware that their child has provided us with information should contact us immediately so we can remove the data and terminate any accounts if necessary.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will revise the “Last Updated” date at the top of this policy. If the changes are significant, we will provide a more prominent notice (such as by email notification to registered users or a notice on our website). We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

Your continued use of the Services after any changes to this Privacy Policy constitutes your acceptance of the updated terms. If you do not agree with the changes, you should stop using the Services and can request that your data be deleted as described above.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:

Email: privacy@quantatradeai.com (for privacy inquiries or GDPR data requests)

Support: support@quantatradeai.com

We will respond to your inquiries as promptly as possible, and no later than required by applicable law. Your privacy is important to us, and we welcome your feedback on our privacy practices.