Privacy Policy
1. What we collect
- Account / sign-in data: your email address, submitted to receive a one-time sign-in link, and a session identifier.
- Content you submit: the text, claims, documents, or cryptographic-inventory details you enter into the agent to be analysed, and the reports generated from them.
- Usage records: which analyses you run and when (for quota and audit purposes).
- Technical logs: IP address, request path, status, timing, and a correlation ID, retained for security, abuse-prevention, and debugging.
We do not collect payment-card data on our systems. We do not knowingly collect data from children.
2. How we use it & our legal bases (GDPR Art. 6)
- To provide the service — run analyses, store your reports, and route them through the reviewer workflow. Legal basis: performance of a contract.
- To secure the service — rate-limiting, abuse detection, and incident investigation. Legal basis: legitimate interests in protecting the service.
- To communicate with you about a request or engagement you initiated. Legal basis: contract / legitimate interests.
We do not sell or "share" (as defined under CCPA/CPRA) your personal data, and we do not use the content you submit to train our own models. Our AI processor does not train on submitted content under its API terms.
3. Cookies, analytics & fonts
We do not set advertising or third-party analytics cookies. The product uses only a first-party session token (held in your browser's sessionStorage) needed to keep you signed in. Web fonts are self-hosted on our own domain and served same-origin; we do not load fonts from a third-party content-delivery network, so no third party receives your IP address or request metadata when fonts load.
4. Service providers (subprocessors)
We rely on the following processors. Each receives only the data needed to perform its function:
| Provider | Purpose | Data |
|---|---|---|
| Vercel | Website + application hosting, edge/CDN, request logging | Technical logs, request content in transit |
| Supabase | Managed Postgres database | Account email, reports, usage + audit records |
| Anthropic | Optional AI enrichment of analysis (only when live-AI mode is enabled) | The material you submit for that analysis |
| Sentry (optional) | Error tracking, when enabled | Technical error context (no report content; PII scrubbing on) |
5. International transfers
Quantum Nexus Technologies Ltd is organised in the Cayman Islands; our processors operate infrastructure in the United States and other regions. Where personal data of EEA/UK individuals is transferred across borders, we rely on the European Commission's Standard Contractual Clauses (and the UK International Data Transfer Addendum where applicable) as the transfer mechanism, and process only what is necessary to deliver the service.
6. Retention
We retain account data and reports for as long as your account is active or as needed to provide the service; technical/access logs are retained for a limited period (typically up to 90 days) for security and debugging, after which they are deleted or aggregated. You may request deletion at any time (see below), subject to limited legal-retention exceptions.
7. Your rights
Depending on your jurisdiction (including under the GDPR/UK GDPR and CCPA/CPRA), you may have rights to access, correct, delete, or port your personal data; to object to or restrict certain processing; and to opt out of any "sale" or "sharing" of personal information (we do not sell or share). You also have the right not to receive discriminatory treatment for exercising these rights. To exercise any right, contact us at hello@quantum-nexus.dev; we may need to verify your identity, and we respond within the timeframe required by applicable law (generally 30 days under the GDPR; 45 days under the CCPA). EEA/UK users may also lodge a complaint with their local data-protection supervisory authority.
8. Security
Connections are encrypted in transit (TLS), and database connections require TLS. Sign-in links are one-time and are not written to our application logs; access to customer-facing reports is gated by authentication and a reviewer workflow. No method of transmission or storage is perfectly secure; we cannot guarantee absolute security.
9. Changes
We may update this policy; material changes will be reflected by the "last updated" date above.
10. Contact
Quantum Nexus Technologies Ltd — hello@quantum-nexus.dev