Privacy Policy

Last updated: August 20, 2025

This Privacy Policy describes how Quant Clockworks ("we", "us", or "our") collects, uses, and protects your personal information when you use our Geomapping services.

Introduction and Scope

This Privacy Policy applies to all Geomapping services, including:

This policy explains your privacy rights and how the law protects you. By using our services, you acknowledge that you have read and understood this Privacy Policy.

Data Controller and Contact Information

Quant Clockworks is the data controller for your personal information. Our contact details are:

Personal Information We Collect

  1. Platform Services Data Collection

    1. Account Information: Email address as primary user identifier and subscription details
    2. Host Identifier: Unique identifier tied to your account that must be included in your website's HTML to enable geomapping functionality
    3. Billing Information: Information necessary to tie your account to our Merchant of Records for subscription and billing purposes
    4. Article Content: Articles retrieved from URLs you specify, stored internally in modified form for processing
    5. Processing Data: Information from various steps in processing your articles for geomapping functionality
    6. Configuration and GeoJSON: Complete history of article configuration files and GeoJSON for usage inside the platform, including undoing and redoing modifications
    7. Published Content: Article configuration files and GeoJSON data made available through geomapping-public (accessible only with host identifier knowledge); publishing is a user-initiated action
    8. Error Logs: Technical error information stored for limited periods to maintain service functionality
    9. Technical Data: IP addresses, browser information for service provision and security

  2. Public Resources Data Collection

    1. CDN Log Processing: We process CDN logs to extract referring URLs, request paths (which may include host identifiers), and data transfer volumes for subscription billing and metering
    2. Security Monitoring: CDN and internal logs are processed for security purposes, including IP address retention for threat detection
    3. Traffic Analytics: Our CDN provides minimal aggregated analytics regarding traffic distribution at the continental level
    4. No External Analytics: We do not use Google Analytics or other external analytics services

  3. Browser Extension Data Collection

    1. Configuration Parameters: Extension settings and configuration stored locally in browser storage
    2. Host Identifier Retrieval: The extension can retrieve your host identifier from logged-in geomapping-platform sessions
    3. Session Automation: The extension may automate processes on geomapping-platform using your logged-in session
    4. No Browsing Monitoring: The extension does not monitor or collect general browsing activity

  4. Website and Marketing Data

    1. Contact Information: Information you provide when contacting us for support or inquiries
    2. No External Analytics: We do not use Google Analytics, tracking tools, or marketing cookies on our website
    3. Email Communications: We send essential platform information to user email addresses and reserve the right to send important platform updates
    4. Future Marketing: We may implement opt-in or opt-out systems for content updates and marketing communications

Legal Basis for Processing

We process your personal data based on the following legal grounds:

  1. Contractual Necessity: Processing necessary for performing our contract with you, including:

    • Providing Platform Services functionality
    • Processing subscription payments
    • Delivering Public Resources through CDN
    • Browser Extension synchronization and functionality

  2. Legitimate Interests: Processing for our legitimate business interests, including:

    • Service improvement and optimization
    • Security and fraud prevention
    • Analytics and performance monitoring
    • Customer support and communication

  3. Legal Compliance: Processing required by law, including:

    • Tax and accounting requirements
    • Data protection law compliance
    • Legal dispute resolution

  4. Consent: Where you have given specific consent for processing, including:

    • Marketing communications (if applicable)
    • Non-essential analytics cookies
    • Optional data processing features

How We Use Your Information

  1. Service Provision:

    • Provide and maintain our Platform Services, Public Resources, and Browser Extension
    • Process your account registration and subscription management
    • Deliver content and respond to your requests
    • Enable data synchronization between services

  2. Service Improvement:

    • Analyze usage patterns to improve service functionality
    • Optimize performance and user experience
    • Develop new features and capabilities
    • Conduct research and analytics

  3. Communication:

    • Provide customer support and respond to inquiries
    • Send service-related notifications and updates
    • Communicate about account and billing matters

  4. Security and Legal Compliance:

    • Protect against fraud, abuse, and security threats
    • Enforce our Terms of Service and policies
    • Comply with legal obligations and respond to legal requests
    • Resolve disputes and enforce agreements

Information Sharing and Disclosure

  1. We Do Not Sell Personal Data

    We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

  2. Service Providers and Partners

    1. Payment Processing: Payment and billing information is processed by our Merchant of Records partner for subscription management
    2. CDN Services: KeyCDN for Public Resources distribution and performance optimization
    3. Hosting Services: Hetzner VPS for primary hosting within the European Union
    4. Backup Services: AWS for database backup storage
    5. Email Services: postale.io for transactional and support email communications

  3. Legal Requirements

    We may disclose your information when required by law, court order, or to:

    • Comply with legal processes and government requests
    • Protect our rights, property, or safety
    • Protect the rights, property, or safety of our users or others
    • Investigate and prevent fraud or security issues

  4. Business Transfers

    In the event of a merger, acquisition, or sale of assets, your personal information may be transferred as part of the business transaction, with appropriate notice and protection of your rights.

Data Storage and International Transfers

  1. Data Storage Locations

    1. Primary Storage: Your data is primarily stored within the European Union
    2. CDN Distribution: Public Resources may be cached globally through CDN services for performance optimization
    3. Backup and Disaster Recovery: Data backups are preferably stored within the European Union, though may be stored in multiple geographic locations for service reliability

  2. International Data Transfers

    1. Some personal data (primarily usage data and technical information) may be transferred to countries outside the European Economic Area through CDN services, analytics providers, and other service providers
    2. We ensure appropriate safeguards are in place, including:
      • Standard Contractual Clauses (SCCs) with data processors outside the EEA
      • Adequacy decisions by the European Commission for certain countries
      • Other legally approved transfer mechanisms as required by applicable law
    3. Our Merchant of Records partner may process billing and payment data internationally under their own data protection obligations
    4. You can request information about specific safeguards by contacting privacy@qcw.ai

Data Retention

  1. General Retention Principles

    We retain personal data only as long as necessary for the purposes for which it was collected, including legal, accounting, or reporting requirements.

  2. Specific Retention Periods

    1. Account Data: Retained while your account is active and for up to 30 days after account deletion for operational purposes
    2. Usage Logs: Retained for at least 2 months to enable billing recalculations and subscription management
    3. Billing Records: Retained for 7 years for legal and tax compliance requirements as mandated by applicable law
    4. Support Communications: Retained for 2 years to provide ongoing support and resolve issues
    5. Error Logs: Retained for limited periods (typically 30-90 days) then deleted
    6. Aggregated Analytics: Anonymized usage data may be retained indefinitely for service improvement
    7. Legal Hold Data: Data subject to legal proceedings may be retained until resolution of such matters

  3. Data Deletion and Legal Retention Requirements

    1. When retention periods expire, we securely delete or anonymize personal data, including support communications, usage logs, and account preferences
    2. Email addresses and subscription data may be retained longer for legal compliance, tax obligations, and coordination with our Merchant of Records partner
    3. Our Merchant of Records partner maintains their own data retention schedule for billing and payment information
    4. Some data may persist in backups for technical reasons but will not be accessible for processing
    5. Upon account deletion, we will anonymize or delete personal data except where retention is required by law

Your Privacy Rights

  1. Rights Under GDPR (EU Users)

    1. Right of Access: Request information about how your personal data is processed
    2. Right of Rectification: Request correction of inaccurate or incomplete personal data
    3. Right of Erasure: Request deletion of your personal data under certain circumstances
    4. Right to Restrict Processing: Request limitation of processing under specific conditions
    5. Right to Data Portability: Receive your personal data in a structured, machine-readable format
    6. Right to Object: Object to processing based on legitimate interests or for direct marketing
    7. Right to Withdraw Consent: Withdraw consent for processing where consent is the legal basis

  2. Rights Under CCPA (California Users)

    1. Right to Know: Request information about personal information collection and use
    2. Right to Delete: Request deletion of personal information
    3. Right to Opt-Out: Opt-out of sale of personal information (we do not sell personal information)
    4. Right to Non-Discrimination: Equal service and pricing regardless of privacy choices

  3. Exercising Your Rights

    1. Account Settings: Privacy controls may be available directly in your Platform Services account settings
    2. Contact Us: Submit requests to privacy@qcw.ai with identification verification
    3. Response Time: We respond to requests within 30 days (GDPR) or 45 days (CCPA)
    4. Verification: We may require identity verification to protect your personal data
    5. Appeals: You may appeal our decisions regarding your privacy requests

  4. Supervisory Authority Rights

    EU users have the right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights.

Cookies and Tracking Technologies

  1. Types of Cookies We Use

    1. Essential Cookies: Authentication access tokens necessary for Platform Services login and core functionality
    2. No Analytics Cookies: We do not use cookies for analytics, advertising, or tracking purposes
    3. No Third-Party Cookies: We do not use social media plugins or external services that set cookies

  2. Cookie Management

    1. Current Cookies: We currently only use essential authentication cookies for Platform Services
    2. Browser Settings: You can control cookies through your browser settings
    3. Essential Cookies: Required for service functionality and cannot be disabled
    4. Future Optional Cookies: If we add analytics or tracking cookies in the future, we will implement a consent management system
    5. Impact of Disabling: Disabling essential cookies will prevent access to Platform Services requiring authentication

  3. Third-Party Cookies

    Our CDN and analytics providers may set cookies for performance optimization and usage measurement. These are governed by their respective privacy policies.

Data Security

  1. Security Measures

    1. Technical Safeguards: Encryption in transit for all internet communications using secure communication protocols. Some internal data transfers within our secure network infrastructure may be unencrypted
    2. Access Controls: Limited access to personal data on a need-to-know basis through secure authentication systems
    3. Infrastructure Security: Secure hosting environments with industry-standard protections provided by our hosting infrastructure
    4. Security Monitoring: Security monitoring services provided by our infrastructure provider, supplemented by access logging and security best practices

  2. Data Breach Response

    1. We have procedures in place to detect, respond to, and mitigate data security incidents
    2. We will notify affected users and regulatory authorities as required by applicable law
    3. Breach notifications will be made within 72 hours to supervisory authorities where required

  3. Your Security Responsibilities

    1. Maintain the confidentiality of your account credentials
    2. Use strong, unique passwords for your accounts
    3. Notify us immediately of any suspected security issues
    4. Keep your Browser Extension updated for security patches

Children's Privacy

  1. Age Restrictions

    Our services are not intended for children under the age of 18. We do not knowingly collect personal information from children under 18.

  2. Parental Rights

    If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

  3. Contact for Child Privacy Concerns

    If you believe we have collected information from a child under 18, please contact us immediately at privacy@qcw.ai.

Changes to This Privacy Policy

  1. Policy Updates

    We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

  2. Notification of Changes

    1. We will post the updated Privacy Policy on our website with a new effective date
    2. For material changes, we will provide additional notice through email or service notifications
    3. Continued use of our services after changes become effective constitutes acceptance of the updated policy

  3. Version History

    Previous versions of this Privacy Policy are available upon request by contacting privacy@qcw.ai.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Response Time: We aim to respond to privacy inquiries within 5 business days and formal privacy requests within the legally required timeframes (30 days for GDPR requests, 45 days for CCPA requests).

Language: This Privacy Policy is available in English. If you need assistance in another language, please contact us and we will make reasonable efforts to accommodate your request.