Last updated: October 1, 2025

1) Who we are & scope

QuantKey Solutions LLC (“QuantKey,” “we,” “us”) provides a cloud platform and related modules used by business customers (our “Clients”). This Privacy Policy explains how we collect, use, disclose, and safeguard personal information when you:

A. visit our websites and pages that link to this Policy,

B. use our platform modules (including our CRM deployment),

C. receive communications or interact with sites, forms, and chat widgets hosted through our platform,

D. contact our team.

Roles. QuantKey is a controller for data we collect about visitors, prospects, and users of our own sites and services. When Clients upload, collect, or generate data inside the platform (e.g., leads, contacts, end‑recipients of Client messages), QuantKey acts as a processor/service provider to those Clients. If you are an end‑recipient of a Client’s messages or forms, please contact that Client (the controller) first for privacy requests; we will support them as a processor.

We do not knowingly collect data from children under 13 and do not target them.

Contact: [email protected] (QuantKey Solutions LLC, Maryland, USA)

2) Information we collect

A. Information you provide to us

Account & profile data. Name, business email, phone, company, login credentials.

Support & communications. Content of messages, tickets, meeting notes.

Billing data. Business address and limited card metadata (last 4, expiry). Card numbers are processed by third‑party payment processors (e.g., Stripe/PayPal) and not stored by QuantKey.

B. Information processed on behalf of Clients (processor role)

Client contact data. Leads, customers, subscribers (names, emails, phone numbers, preferences).

Content & assets. Website/funnel assets, forms, media uploads, chat transcripts.

Marketing automation & analytics events. Form submissions, open/click events, page visits associated with contact IDs.

Telecom metadata. To/from numbers, message IDs, delivery receipts, carrier codes; optional call recordings and transcriptions.

AI‑assisted inputs/outputs. Prompts, generated content, safety signals.

C. Automatically collected information

Log & device data. IP address, device/browser type, settings, locale, timestamps, feature use, error logs.

Cookies/SDKs/pixels (see §6). Session cookies for authentication and security; optional analytics/tracking where enabled by you (and, in the EU/UK, only with valid consent—see §6).

We do not collect biometric identifiers or personal trading histories.

3) How we use information (purposes & legal bases)

We use personal information to:

Provide, operate, and secure the platform; authenticate users; prevent fraud/abuse.

Deliver Client communications you or your Client schedule (email/SMS/voice/push/chat), and maintain deliverability/telecom compliance telemetry.

Host websites, funnels, forms, and chat created in the platform.

Provide analytics and AI features (summaries, suggestions, content generation), including safety filtering.

Support & improve the services; develop new features; perform usage analytics.

Comply with law and enforce agreements; manage disputes.

Send service notices; and send product updates or marketing (with opt‑out).

Legal bases (EEA/UK): contract necessity; legitimate interests (e.g., security, product improvement that doesn’t override your rights); legal obligations; and consent where required (e.g., non‑essential cookies/marketing). See GDPR references on transparency and legal bases.

4) How we share information

We share information only as needed with:

Service providers/subprocessors. Cloud hosting; telecom gateways; email/SMS/voice delivery; abuse/threat detection; analytics; technical support; AI inference; payments. We bind them by contract to confidentiality, security, and use limitations.

Technology partners/integrations you enable. (e.g., CRM, ad platforms, calendars, payment gateways). Data flows follow your configuration.

Affiliates (if any), solely to operate the services consistent with this Policy.

Legal/safety. To comply with valid legal process or protect rights, property, or safety.

Business transfers. In the event of a merger, acquisition, or asset sale.

With your direction or consent.

We do not sell personal information and do not “share” it for cross‑context behavioral advertising as defined by California law. If we ever introduce advertising cookies, we will first present a clear choice and a “Do Not Sell or Share” mechanism (see §7 on GPC). California requirements for “Do Not Sell/Share” and honoring opt‑out preference signals are described by the CA Attorney General and CPPA.

5) International data transfers

QuantKey and many providers are U.S.-based, and data may be processed in the United States and other countries where we or our providers operate.

EEA/UK/Swiss transfers. We use appropriate safeguards, including EU Standard Contractual Clauses (SCCs) and, where applicable, the UK IDTA or UK Addendum for UK GDPR transfers.

Data Privacy Framework (DPF). Where our U.S. providers participate in the EU‑U.S. DPF (and UK/Swiss extensions), we may rely on their active certification as a lawful transfer mechanism; you can verify participants on the official DPF List. (QuantKey does not claim DPF participation unless listed.)

We conduct transfer assessments as appropriate and will disclose the transfer mechanism on request. See EDPB FAQ for DPF background.

6) Cookies & similar technologies

Essential cookies (e.g., auth/security, load balancing) operate by default.

Analytics/measurement cookies and other non‑essential trackers are used only where permitted by law and your preferences. In the EU/UK, prior consent is required for non‑essential cookies/trackers; users must have a free, informed, granular choice and be able to withdraw consent easily.

Your browser settings and our banner controls let you manage preferences; disabling certain cookies may impact functionality.

7) Your privacy choices

Marketing emails. Unsubscribe anytime via the link in those emails (or contact us).

SMS/voice. Reply STOP to opt‑out of text messages; use provided IVR/unsubscribe options for calls. Please note: our Clients are responsible for obtaining required consent for their campaigns under CAN‑SPAM, TCPA/FCC rules, PECR (UK), and CASL (Canada).

Global Privacy Control (GPC). If your browser sends a GPC or similar opt‑out preference signal, we will treat it as a “Do Not Sell or Share” request where legally required (e.g., California).

8) Data retention

Active accounts. We retain platform data for your subscription term.

Telecom logs/recordings. Retained for operational needs and compliance, then deleted or anonymized; Clients can configure shorter retention or delete items earlier.

Backups. Rolled on a fixed schedule and purged automatically.

Closed accounts. We delete or anonymize personal data within a reasonable period after closure (subject to legal retention for billing, security logs, or dispute handling).

Specific retention controls vary by module and provider; we can share module‑level details on request.

9) Security

We employ technical and organizational measures including TLS in transit, encryption at rest for sensitive fields, tenant isolation, least‑privilege access, logging/alerting, and periodic reviews. No system is 100% secure: you are responsible for safeguarding credentials and implementing client‑side security (e.g., 2FA, strong passwords). We will notify you of data breaches as required by law.

10) AI features & third‑party model providers

Certain features (e.g., content drafting, summaries, voice/chat assistants) route your prompts and outputs to vetted AI providers for inference. We configure providers to avoid training on your business data by default whenever the provider offers that control (e.g., OpenAI enterprise/API and Azure OpenAI; Google Vertex AI training restrictions). Provider‑specific retention and abuse‑monitoring rules may apply. Enterprise/Commercial offerings of several providers exclude training by default; some consumer chatbot services may train unless you opt out—QuantKey does not use consumer chatbots for your tenant data.

If you enable a third‑party AI integration or bring your own key, your use is governed by that provider’s terms and privacy notices.

11) Your rights

A. If you are an end‑recipient of a Client’s messages or forms

Please contact the Client (the sender/controller) to exercise rights (access, correction, deletion, objection, etc.). We will support our Client in responding to your request as their processor/service provider.

B. If QuantKey is the controller (e.g., our websites, our product communications)

You may request:

* Access/portability of your data,

* Correction of inaccurate data,

* Deletion (subject to legal/operational retention),

* Restriction/objection to certain processing,

* Marketing opt‑out at any time.

EEA/UK users. You also have the right to lodge a complaint with your supervisory authority. See the EDPB list of authorities and GDPR Art. 77.

U.S. state privacy (e.g., CA/VA/CO/CT/UT/TX). If applicable to us, you may have rights to know/access, correct, delete, portability, and to opt‑out of targeted advertising, sale, or profiling decisions with legal/similar effects. California also recognizes opt‑out preference signals (see §7). Colorado/Connecticut recognize universal opt‑out mechanisms as well. We will verify requests and respond within statutory timeframes.

To exercise any right where QuantKey is the controller, email [email protected]. For Virginia users, you may appeal a refusal; instructions will be in our response.

12) Do Not Track & Global Privacy Control

Most browsers’ Do Not Track (DNT) setting is not legally binding and lacks a uniform technical standard; we do not respond to DNT signals. We do honor legally recognized opt‑out preference signals such as GPC where required (e.g., California).

13) Third‑party links and services

Our services may link to or integrate with third‑party sites or apps. Their privacy practices are governed by their own policies.

14) Data processing addendum (DPA) & subprocessors

We offer a Data Processing Addendum with SCCs/UK terms upon request for Clients subject to GDPR/UK GDPR.

We maintain a list of subprocessors used to deliver the services; we will make it available on request and provide notice of material changes consistent with the DPA.

15) Changes to this Policy

We may update this Policy from time to time. If we make material changes, we will notify you by email and/or in‑app notice and update the “Last updated” date. Continued use after the effective date indicates acceptance.

16) Contact

Email:

[email protected]

US Mail:

QuantKey Solutions LLC
1930 18th St. NW
Ste B2 #1101
Washington, DC 20009

(If you are an end‑recipient of a Client’s messages, please contact the sender first.)