Privacy Policy

Last updated: May 15, 2026

This Privacy Policy explains how Quontis (“we,” “us,” or “our”) collects, uses, and protects information when you use quontis.io and its related services (collectively, the “Service”). By creating an account you agree to this policy. If you have questions, contact us at privacy@quontis.io.

1. Information We Collect

Account information

  • Email address
  • Display name
  • Password (stored as a bcrypt hash — we never store your plaintext password)
  • Optional public profile slug and bio if you enable a shareable profile at Settings

Trade data

  • Symbol, direction (long/short), entry and exit prices
  • Realized and unrealized P&L, session type, and setup tags
  • Emotional state (tilt score 1–10) and any notes you add
  • Trading rule violations you self-report
  • Screenshots you upload alongside trade entries

Gamification data

  • XP points, level, earned badges, active missions, and streak counts

AI Coach data

  • Messages you send in the AI Coach chat interface
  • Trade context automatically included with coaching requests (see Section 3)

Usage data

  • Pages visited, feature interactions, and session timestamps
  • Browser type, operating system, and IP address via standard server logs

Billing data

  • Stripe handles all payment processing. We store only your Stripe customer ID — we never see or store card numbers, bank details, or full billing addresses.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Authenticate your account and protect against unauthorized access
  • Display your trade history, analytics, and gamification progress
  • Generate AI coaching responses via the Anthropic API (see Section 3)
  • Process subscription payments and manage billing through Stripe
  • Send transactional emails (password reset, account notifications) via Resend
  • Detect and prevent abuse, fraud, or violations of our Terms of Service
  • Respond to support requests you initiate

We do not sell your personal data. We do not use your data for behavioral advertising.

3. AI Coach Data Processing

The AI Coach feature sends your messages and relevant trade context (recent trades, P&L summaries, tilt scores, and rule violations) to the Anthropic API to generate coaching responses. This is the minimum context required to produce personalized, actionable feedback.

Anthropic processes this data solely to return the AI response. Anthropic's API usage policy states that API-submitted data is not used to train their models by default. You can review Anthropic's privacy practices at anthropic.com/privacy.

Do not include sensitive personal information (Social Security numbers, bank account details, etc.) in AI Coach messages. Coach conversations are stored in our database so you can review them later, and they are subject to the same retention and deletion rights as all other data.

4. Third-Party Services

We share limited data with the following third parties to operate the Service:

Service | Purpose | Data shared
Stripe | Payment processing | Email, subscription status. Card data goes directly to Stripe (PCI-DSS compliant).
Anthropic | AI coaching responses | Coach messages and trade context. See Section 3.
Resend | Transactional email | Your email address and the content of system-generated emails (e.g., password reset).
Railway | Hosting and database | All application data is stored in Railway's managed MySQL database (cloud infrastructure).

Each provider is contractually bound to use your data only to provide the service we have engaged them for. We do not permit them to use your data for their own marketing or to sell it to third parties.

5. Cookies & Sessions

Quontis uses a minimal cookie footprint. We set one first-party session cookie:

  • next-auth.session-token — a JWT cookie issued by NextAuth v4. It is HttpOnly, Secure (HTTPS only), and SameSite=Lax. It contains your user ID and session expiry; it does not contain your password or payment information.

We do not use third-party tracking cookies, advertising pixels, or analytics SDKs that share data with external platforms. There are no Google Analytics, Meta Pixel, or similar trackers on this site.

6. Data Storage & Security

  • All data is stored in a MySQL database hosted on Railway's cloud infrastructure.
  • Data at rest is encrypted by Railway's managed database service.
  • All data in transit is protected by TLS (HTTPS). The Service is not accessible over plain HTTP.
  • Passwords are hashed with bcrypt (minimum 10 rounds) before storage. We cannot recover your plaintext password.
  • Trade screenshots are stored in a per-user isolated directory; no user can access another user's files.

No security system is perfect. In the event of a data breach that is likely to result in a risk to your rights or freedoms, we will notify affected users by email within a reasonable timeframe.

7. Data Retention

  • Active account data is retained for as long as your account is open.
  • If you request account deletion, all personally identifiable data (email, name, trades, coach messages, gamification records, and screenshots) is permanently deleted within 30 days of the confirmed request.
  • Anonymized aggregate statistics that cannot be linked back to you may be retained indefinitely for product improvement.
  • Billing records required for tax and legal compliance may be retained for up to 7 years per applicable law, but will contain only the minimum information required.

8. Your Rights

You have the following rights regarding your data:

  • Access: You can view all your trade data, coach conversations, and profile information directly in the dashboard at any time.
  • Export: You can download a CSV of all your trades from the Trades page. No waiting, no request required.
  • Correction: You can edit your trades, profile information, and display name directly in the app at any time.
  • Deletion: To permanently delete your account and all associated data, email support@quontis.io with the subject line “Account Deletion Request.” We will confirm and process the deletion within 30 days.
  • Portability: Your CSV export constitutes a machine-readable, portable copy of your core data.
  • Objection / Restriction: If you object to how we process your data or wish to restrict processing, contact privacy@quontis.io and we will review your request within 30 days.

9. Children's Privacy

Quontis is a financial tools platform intended for adults. The Service is not directed at individuals under 18 years of age. We do not knowingly collect personal information from anyone under 18. If you believe a minor has created an account, please contact us at support@quontis.io and we will delete the account promptly.

10. International Data Transfers

Quontis is operated from the United States. Railway's infrastructure, Anthropic's API, and Stripe's payment processing are also primarily US-based. If you are accessing the Service from outside the United States, your data will be transferred to and processed in the United States, where data protection laws may differ from those in your country.

By using the Service, you consent to this transfer. If you are located in the European Economic Area (EEA) or the United Kingdom and have concerns about international transfers, please contact us at privacy@quontis.io.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date at the top of this page and, where practical, notify you by email. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.

We encourage you to review this page periodically. Archived versions are available on request by emailing privacy@quontis.io.

12. Contact

For privacy-related questions or requests, contact us at:

Quontis

Privacy inquiries: privacy@quontis.io

General support: support@quontis.io

Website: quontis.io