GDPR Compliance

Last updated: April 2026 · QuantNeuralEdge · Romania, EU

QuantNeuralEdge is operated from Romania, a Member State of the European Union. We are fully committed to complying with the General Data Protection Regulation (EU) 2016/679 ("GDPR"). This page explains your rights as a data subject, what data we process, our legal bases for processing, and how to exercise your rights.

1. Data Controller

The data controller responsible for your personal data is:

QuantNeuralEdge

Location: Romania, European Union

Contact: quantneuraledge@gmail.com

2. Personal Data We Process

We process only the minimum data necessary for each purpose:

Data Category | Examples | Purpose
Account Data | Email address, hashed password | Authentication, account management
Billing Data | Stripe customer ID, subscription status, tier | Payment processing, subscription management
Usage Data | IP address, browser type, pages visited, timestamps | Analytics, security, service improvement
Trading Preferences | Preferred tickers, timeframes, risk tolerance | Personalising AI signals and recommendations
License Data | License key, activation status, device hash | Software licensing and anti-piracy
Contact Data | Name, email from contact forms | Responding to enquiries and support requests

We do not collect sensitive personal data (Article 9) such as health data, biometric data, political opinions, or religious beliefs.

3. Legal Bases for Processing (Article 6)

We process personal data under the following legal bases:

  • Performance of a contract (Art. 6(1)(b)) — processing necessary to provide you with the services you signed up for: account creation, AI signal generation, subscription management, and software licensing.
  • Legitimate interests (Art. 6(1)(f)) — analytics, fraud prevention, security monitoring, and improving our services. We balance these interests against your rights and freedoms.
  • Consent (Art. 6(1)(a)) — where you explicitly opt in, for example subscribing to marketing emails or enabling optional cookies. You may withdraw consent at any time.
  • Legal obligation (Art. 6(1)(c)) — where we are required to retain data for tax, accounting, or regulatory compliance.

4. Your Rights as a Data Subject

Under the GDPR, you have the following rights. To exercise any of them, email us at quantneuraledge@gmail.com. We will respond within 30 days.

Right of Access (Article 15)

You have the right to request a copy of all personal data we hold about you, free of charge. We will provide the data in a commonly used, machine-readable format.

Right to Rectification (Article 16)

You have the right to request correction of any inaccurate or incomplete personal data we hold about you.

Right to Erasure / "Right to be Forgotten" (Article 17)

You have the right to request deletion of your personal data. We will comply unless we have a legal obligation to retain it (e.g., billing records for tax purposes). Upon request, we will:

  • Delete your account and associated data
  • Remove your email from all systems
  • Anonymise any analytics data linked to your account
  • Revoke all active license keys

Right to Restriction of Processing (Article 18)

You may request that we restrict the processing of your data while we verify accuracy, evaluate a legitimate interest objection, or in other circumstances defined by the GDPR.

Right to Data Portability (Article 20)

Where processing is based on consent or contract, you have the right to receive your personal data in a structured, commonly used, machine-readable format (JSON/CSV), and to transmit it to another controller.

Right to Object (Article 21)

You have the right to object to processing based on legitimate interests. Upon objection, we will cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.

Right Not to be Subject to Automated Decision-Making (Article 22)

Our AI trading signals are provided as informational tools only and do not constitute automated decisions that produce legal effects. You are always free to act on, ignore, or override any AI-generated recommendation. No automated profiling is used for decisions that significantly affect you.

5. Data Processors & Third Parties

We share personal data only with the following processors, all of which are GDPR-compliant:

Processor | Purpose | Data Shared
Supabase (EU region) | Authentication, database | Email, hashed password, user ID
Stripe | Payment processing | Email, payment method (handled by Stripe)
Vercel | Website hosting, analytics | IP address, usage data
Render | API hosting | IP address, request data
Anthropic | AI signal generation | Ticker symbols, market data (no personal data)
Upstash | Rate limiting, caching | License keys, IP hashes

We do not sell, rent, or share your personal data with any third party for marketing purposes.

6. International Data Transfers

Some of our processors (Stripe, Vercel, Render, Anthropic) may process data in the United States. Where data is transferred outside the EEA, it is protected by:

  • EU-US Data Privacy Framework — certified processors under the adequacy decision of the European Commission (July 2023)
  • Standard Contractual Clauses (SCCs) — where the DPF does not apply, we ensure SCCs are in place as per Commission Decision 2021/914

7. Data Retention

We retain personal data only for as long as necessary:

  • Account data — retained while your account is active; deleted within 30 days of account deletion request
  • Billing records — retained for 7 years to comply with Romanian tax law
  • Server logs — retained for 90 days, then automatically purged
  • Trading signals — anonymised after 12 months
  • Contact form messages — retained for 6 months after resolution

8. Data Security

We implement appropriate technical and organisational measures to protect your data:

  • All data transmitted over HTTPS with TLS 1.3 encryption
  • Passwords hashed with bcrypt (never stored in plaintext)
  • Database access restricted to authenticated services only
  • Security headers enforced (HSTS, CSP, X-Frame-Options)
  • API rate limiting to prevent abuse
  • Regular security audits of the codebase
  • Environment secrets managed via secure dashboards (Render, Vercel)

9. Cookies

Our website uses only strictly necessary cookies for authentication and session management. We do not use:

  • Advertising or tracking cookies
  • Third-party marketing pixels (Facebook Pixel, Google Ads, etc.)
  • Cross-site tracking of any kind

Vercel Analytics collects anonymous, aggregated performance data. No personal data is collected through analytics, and no cookie consent banner is required for strictly necessary cookies under Article 5(3) of the ePrivacy Directive.

10. Children's Data

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that a minor has provided us with personal data, we will take steps to delete it promptly.

11. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

  • Notify the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) within 72 hours of becoming aware of the breach (Article 33)
  • Notify affected users without undue delay if the breach is likely to result in a high risk to their rights and freedoms (Article 34)
  • Document the breach, its effects, and the remedial actions taken

12. Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the competent supervisory authority:

ANSPDCP — Autoritatea Nationala de Supraveghere a Prelucrarii Datelor cu Caracter Personal

B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, Bucharest, Romania

Website: dataprotection.ro

Email: anspdcp@dataprotection.ro

13. Changes to This Policy

We may update this GDPR policy from time to time. Material changes will be communicated via email to registered users and/or a prominent notice on the website. The "Last updated" date at the top of this page will be revised accordingly.

Exercise Your Rights

To exercise any of your GDPR rights (access, rectification, erasure, portability, objection), or for any data protection enquiries:

Email: quantneuraledge@gmail.com

Subject line: GDPR Request — [Your Request Type]

We will verify your identity and respond within 30 days. If we need more time (up to 60 additional days for complex requests), we will inform you within the initial 30-day period.
