QANTUM Icon
QANTUM.one
Back to home

Privacy Policy

Effective Date: February 13, 2026

Introduction

QANTUM ("we," "us," or "our") operates qantum.one, an AI-powered quality assurance platform that analyzes codebases and generates intelligent test recommendations. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our service.

We are committed to protecting your privacy and the confidentiality of your code. This policy is designed to help you understand our data practices and your rights as a user.

Information We Collect

Account Information

When you create an account, we collect:

  • Name and email address
  • Company name and organization details
  • Authentication credentials (hashed and encrypted)
  • Profile information you choose to provide

Code Repository Data

When you connect repositories via GitHub, GitLab, or other integrations, we access and process:

  • Repository metadata (names, structure, file paths)
  • Source code files for analysis purposes
  • Commit history and version control information
  • Test files and test coverage metrics

Usage Data

We automatically collect information about your use of the service:

  • Log data (IP address, browser type, operating system, timestamps)
  • Feature usage and interaction patterns
  • Performance metrics and error reports
  • Session duration and frequency of use

Payment Information

Payment processing is handled by Stripe, a PCI-compliant payment processor. We do not store your full credit card numbers or sensitive payment data on our servers. We receive only transaction confirmations and billing metadata from Stripe.

How We Use Your Information

We use the information we collect to:

  • Provide the Service: Analyze your code, generate test recommendations, visualize testing pyramids, and deliver AI-powered insights
  • Improve Our Platform: Enhance AI models, fix bugs, develop new features, and optimize performance
  • Communicate with You: Send service notifications, security alerts, product updates, and respond to support requests
  • Process Payments: Manage billing, subscriptions, and invoicing
  • Ensure Security: Detect and prevent fraud, abuse, and security incidents
  • Comply with Legal Obligations: Meet regulatory requirements and respond to lawful requests

Code & Repository Data — Our Commitment to You

We understand that your code is your intellectual property and business-critical asset. We treat it with the highest level of security and confidentiality:

  • Your code is NEVER used to train AI models. We do not feed your proprietary code into machine learning training pipelines or use it to improve AI models for other customers.
  • Your code is NEVER shared with third parties. We do not sell, license, or share your code with external organizations, advertisers, or other users.
  • Code is processed for analysis only. We analyze your code solely to generate test recommendations and quality insights for your own use.
  • Encrypted at rest and in transit. All code data is encrypted using AES-256 encryption when stored and TLS 1.3 when transmitted over networks.
  • Access controls. Only authorized engineers with legitimate business need can access code data, and all access is logged and audited.
  • Data isolation. Each customer's code is stored in isolated database partitions with strict access boundaries.

You retain all ownership rights to your code. We claim no intellectual property rights over your repositories, tests, or any content you provide.

Data Sharing and Disclosure

We share your information only in the following limited circumstances:

Service Providers

We work with trusted third-party service providers who assist in operating our platform:

  • Vercel: Frontend hosting and content delivery
  • Railway: Backend infrastructure and application hosting
  • Stripe: Payment processing and billing management
  • GitHub/GitLab: Repository integrations and OAuth authentication
  • Google: OAuth authentication for user login

These providers are contractually bound to protect your data and use it only for the specific services they provide to us.

Legal Requirements

We may disclose your information if required by law, court order, subpoena, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring organization. We will notify you via email before your information is transferred and becomes subject to a different privacy policy.

We do NOT sell your data. We have never sold user data and will never do so.

Data Security

We implement industry-standard security measures to protect your information from unauthorized access, disclosure, alteration, or destruction:

  • Encryption: TLS 1.3 for data in transit, AES-256 encryption for data at rest
  • Access Controls: Role-based access control (RBAC), multi-factor authentication (MFA), and principle of least privilege
  • Database Security: PostgreSQL with encrypted connections, regular security patches, automated backups with encryption
  • Infrastructure Security: Firewalls, DDoS protection, intrusion detection systems, and network isolation
  • Monitoring: 24/7 security monitoring, automated threat detection, and incident response procedures
  • Compliance: We are working toward SOC 2 Type II certification and GDPR compliance

While we take extensive precautions, no method of transmission or storage is 100% secure. If you discover a security vulnerability, please report it to security@qantum.one.

Data Retention

We retain your information for as long as necessary to provide the service and fulfill the purposes described in this policy:

  • Account Data: Retained while your account is active and for 30 days after account deletion
  • Code Repository Data: Deleted within 30 days of repository disconnection or account deletion
  • Usage Logs: Retained for up to 90 days for security and debugging purposes
  • Billing Records: Retained for 7 years to comply with tax and accounting regulations
  • Anonymized Analytics: May be retained indefinitely for product improvement and research

You can request immediate deletion of your account and associated data by contacting support@qantum.one.

Your Rights

Depending on your location, you may have the following rights regarding your personal information:

GDPR Rights (European Economic Area)

  • Right to Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Correct inaccurate or incomplete personal data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Restriction: Restrict processing of your personal data under certain conditions
  • Right to Object: Object to processing of your personal data for direct marketing or legitimate interests
  • Right to Withdraw Consent: Withdraw consent for processing at any time

CCPA Rights (California)

  • Right to Know: Request disclosure of categories and specific pieces of personal information collected
  • Right to Delete: Request deletion of personal information we have collected
  • Right to Opt-Out: Opt-out of the sale of personal information (note: we do not sell personal information)
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

To exercise any of these rights, please contact us at support@qantum.one. We will respond to your request within 30 days.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to provide and improve our service:

  • Essential Cookies: Required for authentication, session management, and security. These cannot be disabled.
  • Analytics Cookies: Help us understand how users interact with our platform (optional, requires consent)
  • Preference Cookies: Remember your settings and preferences

You can control cookie settings in your browser. Note that disabling essential cookies may prevent you from using certain features of the service.

International Data Transfers

QANTUM operates globally, and your information may be transferred to and processed in countries other than your country of residence, including the United States and the European Union. These countries may have different data protection laws than your jurisdiction.

When we transfer personal data internationally, we use appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission to ensure your data is protected in accordance with this Privacy Policy.

Children's Privacy

QANTUM is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at support@qantum.one, and we will delete it.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Update the "Effective Date" at the top of this policy
  • Notify you via email at least 30 days before the changes take effect
  • Display a prominent notice on our platform

Your continued use of the service after the effective date of the revised policy constitutes acceptance of the changes. If you do not agree to the changes, please discontinue use of the service and contact us to delete your account.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: support@qantum.one

Security Issues: security@qantum.one

Website: https://qantum.one

We are committed to resolving privacy concerns promptly and transparently. We will respond to all inquiries within 48 business hours.