what we collect
account data
- email address - for authentication and account recovery
- password hash - bcrypt hashed, never stored plaintext
- name - optional, for personalization
- google oauth data - if you sign in with google: email, name, profile picture
- 2fa backup codes - if you enable two-factor authentication
usage data
- download logs - which files you downloaded, when (for quota tracking & your own records)
- api token usage - which api endpoints you hit, when (for rate limiting & abuse detection)
- ip address & browser info - automatically logged by cloudflare (our hosting provider)
- login timestamps - when you access your account
what we DON'T collect
- ❌ browsing behavior outside our site (no tracking pixels)
- ❌ behavioral analytics (who clicks what on the ui)
- ❌ unnecessary cookies beyond session auth
- ❌ payment information (we're not monetized yet - when we launch stripe, this changes)
why we collect this
| data | reason |
|---|
| email, password hash | authenticate you securely |
| download logs | enforce 25 gb/month quota fairly |
| api usage | prevent abuse & rate limit bad actors |
| login timestamps | security & abuse detection |
| ip address (cloudflare) | ddos protection, required by our hosting provider |
who we share with
we don't sell your data.
we share your information with:
- • google - only if you sign in with google (they get your email/name per oauth standard)
- • cloudflare - our hosting provider sees ip addresses & general usage patterns
- • stripe - payment processor (coming soon when we launch paid tiers)
that's it. no third-party analytics companies, no marketing partners, no data brokers.
data retention
- • account data - kept until you delete your account
- • download logs - kept for 90 days (for quota tracking & dispute resolution)
- • login logs - kept for 30 days (for security)
- • api tokens - kept until you revoke them
- • deleted accounts - permanently wiped except anonymized usage stats
your rights (GDPR & CCPA)
if you're in the eu, united kingdom, or california, you have these rights:
access
"what data do you have about me?"
email info@quantum-edge.app with "access request" in subject.
we'll send you a json export of all your data within 30 days.
delete
"remove my account and data"
email info@quantum-edge.app with "deletion request".
we'll wipe everything except anonymized stats within 30 days.
note: if you've already downloaded data, we can't delete that from your systems.
export
"give me my data in a portable format"
email info@quantum-edge.app with "data export".
we'll send a json dump of your account data.
correct
"fix my account info"
edit your email/name directly in account settings, or email us.
withdraw consent
"stop processing my data"
email info@quantum-edge.app with "withdraw consent".
we'll delete your account and all personal data.
response time: we aim for 7 days. gdpr/ccpa require 30 days max.
security
we take security seriously:
- • passwords are bcrypt hashed (never plaintext)
- • api tokens are hashed before storage
- • cloudflare protects against ddos & provides edge security
- • ssl/tls encrypts data in transit
- • database access is restricted to our api servers
what we don't do:
- • store credit cards (stripe handles that)
- • run unnecessary scripts/trackers
- • share api keys with third parties
california resident rights (CCPA)
you have the right to:
- • know what personal information we collect
- • delete your personal information
- • opt-out if we ever sell your data (we don't, but you can opt out anyway)
- • non-discrimination for exercising these rights
email info@quantum-edge.app with "CCPA request" to exercise these rights.
last updated: 2025-10-27
version: 1.0