Privacy Policy

Version: 1.0
Effective Date: November 17, 2025
Last Updated: November 17, 2025


1. Introduction

Welcome to QuantixAI (“we,” “us,” “our,” or the “Company”). We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our time-series analysis and forecasting platform (the “Service”).

Data Controller:

QuantixAI s.r.o.
IČO 57306290 Svatoplukova 15m 903 01, Bratislava, Slovak Republic

Email: privacy@quantix-ai.eu
Data Protection Contact: privacy@quantix-ai.eu

This Privacy Policy applies to:


2. Our Commitment to Privacy

As a B2B service provider, we:


3. Information We Collect

3.1 Information You Provide Directly

Account Information:

Payment Information (via Paddle):

Service Data:

3.2 Information Collected Automatically

Authentication Data (via Auth0):

Technical Data:

Usage Data:

Cookie Data:

3.3 Information from Third Parties

From Auth0:

From Paddle:

From Business Partners:


4. How We Use Your Information

4.1 Legal Basis for Processing (Article 6 GDPR)

We process personal data based on:

4.2 Purposes of Processing

Service Delivery:

Business Operations:

Security and Legal:

Improvement and Development:

Marketing (with consent):


5. How We Share Your Information

5.1 Service Providers (Processors under Article 28 GDPR)

We share data with carefully selected service providers:

Authentication Services:

Payment Processing:

Infrastructure:

Communication Services:

Analytics - Statistics (with consent):

Email Marketing:

Backup Storage:

5.2 Business Transfers

In the event of:

Your information may be transferred to the successor entity, subject to this Privacy Policy or equivalent protections. We will notify you via email before any such transfer.

5.3 Legal Disclosures (Article 6(1)(c) GDPR)

We may disclose information when required to:

We may share information:

5.5 What We Don’t Do

We do NOT:


6. Data Retention

6.1 Retention Periods

Data Category Retention Period Justification
Account Data Duration of service + 90 days Service delivery, account recovery
Payment Records 7 years Legal/tax requirements (Slovak law)
Usage Logs 24 months Service improvement, security
Support Tickets Resolution + 12 months Quality assurance
Security Logs 12 months Security monitoring
Marketing Preferences Until withdrawn Consent management (Article 7(3) GDPR)
Trained Models Duration of service Service delivery
Uploaded Data Selected by User Service delivery
API Logs 24 months Debugging, rate limiting

6.2 Deletion Process

Upon account termination or deletion request (Article 17 GDPR):


7. International Data Transfers

7.1 Data Location

Primary data processing occurs within the European Union:

7.2 Transfers Outside the EEA (Chapter V GDPR)

When necessary, we transfer data outside the EEA with appropriate safeguards:

To the United States:

To the United Kingdom:

7.3 Transfer Safeguards (Article 46 GDPR)

We ensure appropriate safeguards through:


8.1 What Are Cookies

Cookies are small text files stored on your device when you visit our website or use our Service.

8.2 Cookies We Use

Essential Cookies (Always Active - Article 6(1)(b) GDPR):

These cookies are strictly necessary for the Service to function and cannot be disabled.

Functional Cookies (Article 6(1)(f) GDPR):

Statistics Cookies (Article 6(1)(a) GDPR - Consent Required):

These are loaded only after you grant “Statistics” consent.

We only set statistics cookies with your explicit consent. Until you consent, only essential and functional cookies are used. See our full Cookie Policy for the complete list.

8.3 Managing Cookies

You can manage cookies through:

Note: Disabling essential cookies will prevent Service access.


9. Your Data Protection Rights

Under GDPR (Regulation (EU) 2016/679), you have the following rights:

9.1 Right of Access (Article 15 GDPR)

You have the right to request:

9.2 Right to Rectification (Article 16 GDPR)

You have the right to request correction of inaccurate or incomplete personal data without undue delay.

9.3 Right to Erasure - “Right to be Forgotten” (Article 17 GDPR)

You have the right to request deletion of your personal data when:

Exceptions: We may refuse erasure when processing is necessary for:

9.4 Right to Restriction of Processing (Article 18 GDPR)

You have the right to request limitation of processing when:

9.5 Right to Data Portability (Article 20 GDPR)

You have the right to:

This right applies when processing is based on consent or contract and carried out by automated means.

9.6 Right to Object (Article 21 GDPR)

You have the right to object to processing based on:

9.7 Rights Related to Automated Decision-Making and Profiling (Article 22 GDPR)

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal effects or similarly significantly affect you.

Note: We do not engage in automated decision-making with legal or significant effects.

9.8 Right to Withdraw Consent (Article 7(3) GDPR)

Where processing is based on consent (Article 6(1)(a)), you have the right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

9.9 How to Exercise Your Rights

Contact us at: privacy@quantix-ai.eu

Response Time: Within 30 days (Article 12(3) GDPR). We may extend by 2 months for complex requests with notification.

Fees: No fee unless requests are manifestly unfounded or excessive (Article 12(5) GDPR).

Verification: We may request additional information to verify your identity before fulfilling requests.

9.10 Right to Lodge a Complaint (Article 77 GDPR)

You have the right to lodge a complaint with a supervisory authority:

Primary Supervisory Authority (Slovak Republic):

Office for Personal Data Protection of the Slovak Republic
Námestie 1.mája 18 811 06 Bratislava Slovak Republic
Email: statny.dozor@pdp.gov.sk
Website: https://dataprotection.gov.sk/

You may also lodge a complaint with the supervisory authority in your EU member state of habitual residence, place of work, or place of alleged infringement.


10. Data Security (Article 32 GDPR)

10.1 Technical Measures

We implement industry-standard security measures including:

Encryption:

Access Control:

Network Security:

Monitoring:

10.2 Organizational Measures

Staff Security:

Incident Response:

Vendor Management:

10.3 Infrastructure Security (Hetzner)

Our infrastructure provider maintains:

10.4 Authentication Security (Auth0)

Auth0 provides:

10.5 Payment Security (Paddle)

Paddle maintains:

Important: We never access, store, or process raw payment card data.

10.6 Data Breach Notification (Articles 33-34 GDPR)

In the event of a personal data breach:

To Supervisory Authority (Article 33):

To Affected Data Subjects (Article 34):


11. Children’s Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children.

If we become aware that we have collected personal data from a person under 18 without parental consent, we will:

If you believe we have collected data from a minor, please contact us immediately at privacy@quantix-ai.eu.


12. California Privacy Rights (CCPA/CPRA)

For California residents, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) provides additional rights.

12.1 Rights Available

12.2 Categories of Information Collected

See Section 3 for detailed categories. In the preceding 12 months, we have collected:

12.3 Use and Disclosure

We use personal information for purposes described in Section 4.

We do not sell personal information as defined by CCPA/CPRA.

We disclose personal information to service providers as described in Section 5.1.

12.4 Exercising Your Rights

California residents may exercise rights by:

We will verify your identity before fulfilling requests and respond within 45 days (extendable by 45 days with notice).

You may designate an authorized agent to make requests on your behalf by providing written authorization.


13. Updates to This Policy

13.1 Notification of Changes

We will notify you of material changes via:

13.2 Effective Date of Changes

13.3 Acceptance of Changes

Continued use after changes take effect constitutes acceptance. For material changes affecting legal basis or significantly changing how we process data, we may seek renewed consent where required by law.

13.4 Version History

See Change Log at the end of this document for version history.


Our Service may contain links to third-party websites (e.g., integration partners, educational resources).

We are not responsible for:

Please review their privacy policies before providing personal information to third parties.


15. Data Processing Agreement (Article 28 GDPR)

Business customers who process personal data of their own users through our Service (acting as data controllers) should execute our Data Processing Agreement (DPA).

The DPA includes:

To request a DPA: Email legal@quantix-ai.eu or visit https://quantix-ai.eu/dpa/


16. Privacy by Design and Default (Article 25 GDPR)

We implement privacy by design and default principles:

Data Minimization:

Purpose Limitation:

Privacy Defaults:

Transparent Processing:

User Control:

Security First:


17. Contact Information

17.1 Data Protection Inquiries

Email: privacy@quantix-ai.eu
Response Time: Within 48 business hours for initial response

For exercising data subject rights, see Section 9.9.

17.2 General Contact

Website: www.quantix-ai.eu
Support: support@quantix-ai.eu
Legal: legal@quantix-ai.eu

17.3 Postal Address

QuantixAI s.r.o.
[Street Address]
[Postal Code] Bratislava
Slovak Republic

17.4 Supervisory Authority

Office for Personal Data Protection of the Slovak Republic
Námestie 1.mája 18 811 06 Bratislava Slovak Republic

Email: statny.dozor@pdp.gov.sk
Phone: +421 2 3231 3214
Website: https://dataprotection.gov.sk/


18. Definitions

Personal Data: Any information relating to an identified or identifiable natural person (Article 4(1) GDPR)

Processing: Any operation performed on personal data, whether automated or not (Article 4(2) GDPR)

Controller: Entity determining purposes and means of processing (Article 4(7) GDPR)

Processor: Entity processing personal data on behalf of controller (Article 4(8) GDPR)

Data Subject: Individual whose personal data is processed (Article 4(1) GDPR)

Consent: Freely given, specific, informed, and unambiguous indication of agreement (Article 4(11) GDPR)

Recipient: Person, authority, or body to whom personal data is disclosed (Article 4(9) GDPR)

Third Party: Person, authority, or body other than data subject, controller, processor, and persons authorized to process (Article 4(10) GDPR)

Merchant of Record (MoR): Entity handling payment processing, invoicing, and tax compliance (Paddle acts as MoR)

Standard Contractual Clauses (SCCs): EU Commission approved contract terms for international data transfers (Article 46(2)(c) GDPR)


Appendix A: Specific Service Provider Privacy Information

Auth0 Privacy

Paddle Privacy

Hetzner Privacy

Google Analytics 4 (Statistics)

SmartSelling Privacy

Scaleway Privacy


Change Log

Version Date Changes
1.0 November 17, 2025 Initial release

This Privacy Policy was last reviewed and updated on November 17, 2025.

By using the Service, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your personal information as described herein.


For questions about this Privacy Policy, contact us at privacy@quantix-ai.eu