Privacy Policy

QuantForge ("we," "us," "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our platform.

QuantForge is a cloud-hosted platform. Your trading data — activity, bot configurations, market data, and backtest results — is stored securely on our servers. Exchange API keys are encrypted at rest using Fernet + PBKDF2. This policy covers how we handle your data.

We collect the following categories of information:

• Account Information — Email address, name, and billing details required for your subscription and license management.
• Usage Analytics — If you opt in, anonymized telemetry such as feature usage frequency, strategy selection patterns, and error reports. This is entirely optional and disabled by default.
• Support Communications — Any messages, emails, or support tickets you send us, along with associated metadata.
• Payment Information — Processed by our third-party payment provider. We do not store full credit card numbers on our servers.

The following data is stored on our servers, encrypted and protected:

• Exchange API keys and credentials (encrypted at rest via Fernet + PBKDF2)
• Trading history, positions, and PnL records
• Bot configurations and strategy parameters
• Market data (OHLCV candles, funding rates, open interest, etc.)
• Backtest results and validation data
• AI conversation history and analysis logs
• Risk events and equity snapshots

We use industry-standard encryption and access controls. Exchange API keys are configured with trade-only permissions — we never have withdrawal access to your exchange account.

The Platform integrates with third-party services that process data according to their own privacy policies:

• Binance API — Market data requests and order execution go directly from your machine to Binance. We are not an intermediary.
• Anthropic (Claude API) — When you use AI features, prompts containing market context and analysis requests are sent to Anthropic's servers. Review Anthropic's Privacy Policy for details.
• Coinglass API — Derivatives and on-chain data requests go directly from your machine to Coinglass.
• Ollama — Runs entirely on your local machine. No data leaves your network.

QuantForge uses minimal cookies and tracking:

• Session Authentication — A session token stored as a cookie or bearer token for API authentication. Essential for Platform operation.
• Preferences — Local storage for UI preferences such as theme, layout, and dashboard configuration. Never transmitted externally.
• Optional Analytics — If you opt in, we may use a privacy-respecting analytics service. No data is shared with advertising networks.

We do not use third-party advertising cookies, tracking pixels, or fingerprinting techniques.

We take data security seriously at both the platform and infrastructure level:

• API keys are encrypted at rest using Fernet symmetric encryption with PBKDF2 key derivation
• The API server binds to localhost by default, preventing external network access
• Bearer token authentication is required for all API endpoints
• Exchange API keys are configured with trade-only permissions (no withdrawal capability)
• All sensitive configuration is stored in environment variables, never committed to code

However, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security, and you acknowledge the inherent risks of operating trading software.

Depending on your jurisdiction, you may have the following rights regarding your personal data held by us:

• Access — Request a copy of the personal data we hold about you.
• Correction — Request correction of inaccurate or incomplete data.
• Deletion — Request deletion of your personal data from our systems.
• Data Portability — Request your data in a structured, machine-readable format.
• Withdrawal of Consent — Withdraw consent for optional data processing (such as analytics) at any time.
• Objection — Object to processing of your data for specific purposes.

To exercise any of these rights, contact us at privacy@quantforge.site. We will respond within 30 days.

We retain your account data for as long as your account is active or as needed to provide services. Specifically:

• Account and billing data is retained while your subscription is active
• Support communications are retained for up to 3 years for quality and legal purposes
• Optional analytics data is aggregated and anonymized within 90 days
• Upon account deletion request, we remove your personal data within 30 days, except where retention is required by law

Upon account deletion, all your trading data is permanently removed within 30 days.

QuantForge is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from minors. If we learn that we have collected data from a person under 18, we will delete that information promptly. If you believe a minor has provided us with personal data, please contact us immediately.

We may update this Privacy Policy from time to time. Material changes will be communicated via email or through the Platform. We encourage you to review this page periodically. The "Last updated" date at the top reflects the most recent revision.

For privacy-related inquiries, contact us at privacy@quantforge.site.