QUANTEIA

Privacy Policy

Last updated: 13 May 2026

Quanteia India (the "Company", "we") respects your privacy. This policy explains what personal data we collect, why, and how we handle it, in compliance with the Digital Personal Data Protection Act, 2023 (DPDPA).

1. Data We Collect

  • Account data: email, name (optional), hashed password if applicable.
  • Usage data: pages viewed, features used, device type, IP address (truncated for analytics).
  • Billing data: handled by our payments partner; we receive only the transaction ID, last 4 of card, and GST invoice metadata.
  • Cookies: session cookies for auth and preferences. No third-party tracking by default.

2. Why We Collect It

  • To provide and improve the Service.
  • To process payments and issue GST invoices.
  • To send transactional emails (account, billing, security).
  • To detect fraud, abuse, and security incidents.
We do not sell your personal data. We do not run third-party ad networks on this site.

3. Your Rights (DPDPA)

Under the DPDPA you have the right to:
  • Access the personal data we hold about you.
  • Request correction or update.
  • Request erasure (subject to legal retention requirements, e.g., GST records).
  • Withdraw consent for processing.
  • Nominate a person to exercise your rights in the event of death or incapacity.
  • Lodge a grievance with our Data Protection Officer (see Contact below) and, if unresolved, with the Data Protection Board of India.

4. Retention

We keep account data while your account is active and for up to 24 months after closure for security and dispute-resolution purposes. GST and billing records are retained as required by Indian tax law.

5. Security

Transport encryption (TLS 1.2+), encryption at rest for sensitive fields, principle-of-least-privilege access controls, and periodic review. No system is perfectly secure; we do not guarantee absolute security.

6. Third-Party Services

We use the following processors:
  • Hosting: Vercel Inc.
  • Payments: our PCI-DSS compliant payments partner (named on checkout).
  • Email: transactional email provider (named in receipts).
  • Market data: Yahoo Finance, NSE public endpoints (no personal data shared).

7. Cross-Border Transfers

Some processors store data outside India (typically the US/EU). Such transfers occur only to countries the Government of India has not restricted under the DPDPA and are subject to contractual data-protection clauses.

8. Children

The Service is not directed to children under 18. We do not knowingly collect data from children. If you believe a child has provided data to us, contact us and we will delete it.

9. Changes

We may update this policy. Material changes will be notified by email or in-product banner at least 7 days in advance.

10. Contact / Grievance Officer

For privacy questions or to exercise your rights, contact our Data Protection Officer via the contact page. We respond within 7 working days.