Privacy Policy

1. Who we are

Quantinus is operated by its parent corporation, registered in Canada. Our platform helps enterprise organizations identify cryptographic risk and migrate to post-quantum algorithms.

For privacy inquiries, contact us at: hello@quantinus.io

2. Information we collect

Information you provide directly

• Email address when you join our waitlist or contact us
• Name and company information when you create an account
• Communications you send us via email or our contact form

Information collected by the Quantinus agent

When you deploy the Quantinus scanning agent in your environment, it collects:

• Cryptographic algorithm types and key sizes in use
• Certificate metadata (expiry dates, issuer, subject — not certificate contents)
• Configuration signals indicating cryptographic posture
• System and service identifiers for asset inventory purposes

Usage and technical data

• Log data including IP address, browser type, and pages visited
• Platform usage analytics to improve the product
• Cookies and similar technologies (see Section 7)

3. How we use your information

We use the information we collect to:

• Provide, operate, and improve the Quantinus platform
• Generate cryptographic risk reports and migration roadmaps for your organization
• Send you product updates, security advisories, and compliance deadline reminders (you can unsubscribe at any time)
• Respond to your support requests and inquiries
• Comply with legal obligations and enforce our terms
• Protect against fraud, abuse, and security incidents

We do not sell your data to third parties. We do not use your data to train AI models. We do not serve advertising.

4. Legal basis for processing (GDPR)

For users in the European Union, we process personal data under the following legal bases:

• Contract: Processing necessary to deliver the Quantinus service you have engaged us to provide
• Legitimate interests: Analytics and product improvement, security monitoring, and fraud prevention
• Consent: Marketing communications — you can withdraw consent at any time
• Legal obligation: Compliance with applicable law

5. Data storage and residency

Quantinus stores data on AWS infrastructure. Enterprise customers may select their preferred data region at deployment. EU customer data is stored within the European Union by default.

We do not transfer personal data across regional boundaries without your explicit consent, except where required by law.

Scan results and reports are retained for the duration of your subscription plus 90 days. Waitlist and contact data is retained until you request deletion or 24 months from collection, whichever comes first.

6. Data sharing

We share data only in the following limited circumstances:

• Service providers: Trusted vendors who help us operate the platform (cloud hosting, analytics), bound by data processing agreements
• Legal requirements: When required by law, court order, or government authority
• Business transfers: In connection with a merger, acquisition, or sale of assets, with notice to you
• With your consent: In any other circumstances, only with your explicit permission

We never sell, rent, or trade your personal data or scan results to any third party.

7. Cookies

We use a minimal set of cookies:

• Essential cookies: Required for authentication and platform functionality
• Analytics cookies: Privacy-preserving usage analytics to understand how the platform is used. We do not use Google Analytics.

We do not use advertising cookies or third-party tracking. You can disable non-essential cookies in your browser settings without affecting core functionality.

8. Your rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data ("right to be forgotten")
• Portability: Receive your data in a structured, machine-readable format
• Objection: Object to processing based on legitimate interests
• Restriction: Request restriction of processing in certain circumstances
• Withdrawal of consent: Withdraw consent for marketing at any time

To exercise any of these rights, contact us at hello@quantinus.io. We will respond within 30 days.

EU residents have the right to lodge a complaint with their national data protection authority.

9. Security

We apply industry-standard security measures to protect your data:

• TLS 1.3 encryption for all data in transit
• AES-256-GCM encryption for data at rest
• Role-based access controls and audit logging
• Regular security assessments and penetration testing
• Multi-factor authentication required for all platform access

To report a security vulnerability, please email hello@quantinus.io with the subject line "Security Disclosure". We acknowledge reports within 24 hours.

10. Children's privacy

Quantinus is an enterprise platform intended for use by organizations and their authorized personnel. We do not knowingly collect personal data from individuals under the age of 18. If you believe a minor has provided us with personal data, please contact us immediately.

11. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (if we have your address) and update the effective date at the top of this page. Your continued use of Quantinus after changes take effect constitutes acceptance of the updated policy.

12. Contact us

For privacy questions, requests, or concerns:

• Email: hello@quantinus.io
• Subject line: "Privacy Request"

We aim to respond to all privacy inquiries within 5 business days.