Privacy Policy

Last updated: March 2026

1. Introduction

NeuroQuant ("we", "us", "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our AI-powered market analysis platform ("the Service").

This policy is designed to comply with the General Data Protection Regulation (GDPR) (EU) 2016/679 and other applicable European Union data protection legislation. We process personal data lawfully, fairly, and in a transparent manner.

By using the Service, you acknowledge that you have read and understood this Privacy Policy.

2. Data Controller

NeuroQuant acts as the data controller for the personal data processed through the Service. For any questions regarding data processing, you may contact us at:

3. Personal Data We Collect

We collect and process the following categories of personal data:

3.1 Account Information

  • Email address (required for account creation and authentication)
  • Display name (if provided)
  • Authentication credentials (managed securely via Supabase Auth)
  • Subscription plan and billing status

3.2 Usage Data

  • AI analysis requests and the markets/assets analyzed
  • Features used, frequency of use, and interaction patterns
  • Timestamps of Service access and usage sessions
  • Device type, browser type, and operating system (collected automatically)

3.3 User-Uploaded Content

  • Chart screenshots and images uploaded for AI analysis
  • Chat messages and queries submitted to the AI assistant

3.4 Payment Data

  • Payment processing is handled entirely by Stripe. We do not store credit card numbers, bank account details, or other sensitive payment information on our servers. We retain only a Stripe customer identifier and subscription status.

4. Legal Basis for Processing

Under the GDPR, we process your personal data on the following legal bases:

  • Performance of a contract (Art. 6(1)(b)): Processing necessary to provide the Service to you, including account management, AI analysis, and subscription handling.
  • Legitimate interests (Art. 6(1)(f)): Processing necessary for our legitimate interests, such as improving the Service, ensuring security, and preventing fraud, where these interests are not overridden by your fundamental rights.
  • Consent (Art. 6(1)(a)): Where required, we will obtain your explicit consent before processing data for specific purposes such as marketing communications.
  • Legal obligation (Art. 6(1)(c)): Processing necessary to comply with applicable legal requirements.

5. How We Use Your Data

We use your personal data for the following purposes:

  • Providing the Service: To create and manage your account, authenticate your identity, deliver AI-generated market analysis, process uploaded chart images, and manage your subscription.
  • Improving the Service: To analyze usage patterns, identify areas for improvement, and enhance the accuracy and reliability of our AI models.
  • Communication: To send essential service notifications, security alerts, and, where you have opted in, product updates.
  • Security and fraud prevention: To detect and prevent unauthorized access, abuse, and fraudulent activity.
  • Legal compliance: To comply with applicable laws, regulations, and legal processes.

6. Third-Party Data Processors

We share your data with the following third-party processors, each of which is contractually bound to protect your data in accordance with GDPR requirements:

Processor | Purpose | Data Location
Supabase | Authentication, database, and file storage | EU (Frankfurt, Germany)
Vercel | Application hosting and content delivery | EU / Global CDN
Stripe | Payment processing and subscription management | EU / US
AI Model Providers | AI-powered market analysis and chart interpretation | US / Global

Where data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or adequacy decisions.

7. Data Retention

We retain your personal data according to the following schedule:

  • Account data: Retained for the duration of your active account. Upon account deletion, your personal data will be erased within 30 days, except where retention is required by law.
  • Uploaded chart images: Automatically deleted 30 days after upload. Images are processed for analysis and are not retained beyond this period.
  • AI chat history: Retained while your account is active. Deleted upon account deletion or upon your request.
  • Usage logs: Retained for up to 12 months for service improvement and security purposes, then anonymized or deleted.
  • Payment records: Retained as required by applicable tax and financial regulations (typically 7 years).

8. Your Rights Under GDPR

As a data subject under the GDPR, you have the following rights regarding your personal data:

  • Right of access (Art. 15): You have the right to obtain confirmation of whether we process your personal data and to request a copy of that data.
  • Right to rectification (Art. 16): You have the right to request correction of inaccurate personal data or completion of incomplete data.
  • Right to erasure (Art. 17): You have the right to request deletion of your personal data ("right to be forgotten"), subject to applicable legal retention requirements.
  • Right to restriction of processing (Art. 18): You have the right to request that we restrict the processing of your data under certain circumstances.
  • Right to data portability (Art. 20): You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller.
  • Right to object (Art. 21): You have the right to object to the processing of your personal data based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent (Art. 7(3)): Where processing is based on your consent, you have the right to withdraw that consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at privacy@neuroquant.app. We will respond to your request within 30 days as required by the GDPR. You also have the right to lodge a complaint with a supervisory authority in your EU member state of residence.

9. Cookies

We use minimal cookies that are strictly necessary for the operation of the Service:

  • Session cookies: Used to maintain your authenticated session while using the Service. These are essential for the Platform to function and are automatically deleted when you close your browser or when your session expires.
  • Authentication tokens: Used to securely identify your account session.

We do not use advertising cookies, tracking cookies, or third-party analytics cookies. We do not engage in cross-site tracking or behavioral profiling.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit using TLS/SSL.
  • Encryption of data at rest in our database systems.
  • Secure authentication via Supabase Auth with support for industry-standard protocols.
  • Regular security assessments and access control reviews.
  • Primary data storage within the European Union (Supabase EU Frankfurt region).

11. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by Article 33 of the GDPR.
  • Notify affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms, as required by Article 34 of the GDPR.
  • Document the breach, its effects, and the remedial actions taken.

12. No Sale of Personal Data

We do not sell, rent, lease, or trade your personal data to third parties for their commercial purposes. Your data is only shared with the third-party processors listed in Section 6, solely for the purposes described in this Privacy Policy.

13. Children

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a person under 18, we will take steps to delete that information promptly. If you believe a child has provided us with personal data, please contact us at privacy@neuroquant.app.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by email and/or by posting a prominent notice on the Platform at least 30 days before the changes take effect.

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after the effective date of the revised policy constitutes your acknowledgment of the changes.

15. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your GDPR rights, or have concerns about how your data is handled, please contact us: