Data Policy
DRAFT — pending legal review. This document will be replaced with finalized legal copy from QuantumMind's counsel before public launch.
1. Data Processing Activities
QuantumMind processes the following categories of data on behalf of customers:
- Account and identity data: name, email, company affiliation.
- Business diagnostic data: financial figures, operational metrics, qualitative responses provided during assessments.
- Usage and security telemetry: IP addresses, user agents, request timestamps, audit-log events (logins, password resets, integration changes).
- Billing data: Stripe customer and subscription identifiers; we do not store payment card numbers.
We act as a data controller for account and security telemetry, and as a data processor for diagnostic data uploaded by customers on behalf of their organizations.
2. Lawful Basis for Processing
Where the GDPR or comparable laws apply, our lawful bases for processing include:
- Contract: processing necessary to provide the Service you have purchased.
- Legitimate interests: securing the Service, preventing fraud, improving features through aggregated analysis.
- Legal obligation: tax records, anti-money-laundering checks, and similar compliance.
- Consent: where explicitly obtained (e.g., optional feature communications).
3. Data Subject Rights (GDPR/CCPA)
You may exercise the following rights, subject to applicable law:
- Access: request a copy of personal data we hold.
- Rectification: correct inaccurate data.
- Erasure: request deletion (subject to retention obligations).
- Restriction: limit processing in certain circumstances.
- Portability: receive your data in a structured, machine-readable format.
- Objection: object to processing based on legitimate interests.
- Non-discrimination (CCPA): we will not discriminate against you for exercising your rights.
Submit requests via the contact in Section 6. We will respond within the timeframes required by applicable law (typically 30 days under GDPR, 45 days under CCPA).
4. International Data Transfers
The Service is hosted in the United States. If you access the Service from outside the US, your data will be transferred to and processed in the US. Where required, we rely on Standard Contractual Clauses or equivalent safeguards for international transfers, particularly transfers from the EEA, UK, and Switzerland.
5. Data Breach Notification
In the event of a personal-data breach that is likely to result in a risk to your rights and freedoms, we will:
- Notify the relevant supervisory authority within 72 hours of becoming aware of the breach (where required by GDPR).
- Notify affected users without undue delay if the breach poses a high risk to their rights.
- Document the nature, scope, and remediation of the breach in our internal incident log.
6. Data Protection Officer Contact
For data-protection inquiries, including data-subject requests:
- Email: privacy@quantummind.example (placeholder)
- Postal: address pending finalization
We will keep this contact information current and post any changes here.
Last updated: May 2, 2026.
