Legal

Privacy Policy

Last updated: April 28, 2026 · Effective: April 28, 2026

Plain-English summary (not the policy). We collect what we need to give you accounts, market data, and analytics — nothing more. We never sell your personal information. Your portfolio data is encrypted at rest and in transit and is isolated to your account. We use a small number of well-known cloud and data providers to operate the platform. You can ask us to access, correct, export, or delete your data at any time.

Who we are
Information we collect
How we use information
Legal bases (GDPR users)
How we share information
Cookies & analytics
Security
Data retention
Your rights
CCPA/CPRA disclosures
Children
International transfers
Do Not Track
Changes
Contact

1.Who we are

This Privacy Policy explains how QuantMint LLC (“QuantMint,” “we,” “us”), a Delaware limited liability company, collects, uses, and shares information when you visit quantmint.ai or use the QuantMint platform (the “Services”). For purposes of GDPR, QuantMint is the data controller of personal information collected in connection with the Services.

2.Information we collect

2.1 Information you provide

Account information. When you sign up, we collect your name, email address, and a password (stored only as a salted hash via AWS Cognito). At registration we also record your acknowledgement of our Terms, Privacy Policy, and Risk Disclosure.
Profile preferences. Preferences you set in the platform — for example, your default account type, watchlist tickers, notification settings, theme — are stored against your account.
Portfolio data you upload. When you upload a brokerage CSV, OFX, or QFX statement, we parse and store your positions (tickers, quantities, cost basis, account labels, option symbols, expirations, strikes), legs of any spreads we reconstruct, and historical snapshots so we can show changes over time.
Communications. If you email us or message us through the platform, we retain those communications to respond and to maintain a record.

2.2 Information we receive from third parties

Market data. We retrieve real-time and historical option chains, quotes, fundamentals, and event metadata from market-data providers (currently Tradier and Finnhub) keyed to the tickers in your portfolio or watchlist. This data is about securities, not about you, but it is associated with your account in our analytics.
Authentication providers. If you use a sign-in provider (such as a federated identity provider through AWS Cognito), we receive the basic profile fields that provider returns.

2.3 Information we collect automatically

Usage and telemetry. When you use the Services we record server-side events: pages and routes you visit, features you invoke (e.g., scans, roll analyses, uploads), timestamps, request IDs, and high-level outcomes (success/error). We use this to operate and improve the platform.
Device and connection. We log standard request metadata: IP address, user-agent, referrer, approximate geolocation derived from IP, and device/browser type. IP addresses are used for security, abuse prevention, and to enforce U.S.-only access.
Cookies and similar technologies. See Section 6.

2.4 Information we do not collect

We do not collect or store your brokerage username, password, or session credentials. QuantMint does not connect to your broker to place trades.
We do not request bank account or payment-card information during the beta. If we collect payment data in the future, we will use a PCI-compliant processor and update this Policy.
We do not collect government-issued ID, Social Security Number, or sensitive demographic data.

3.How we use information

Provide, operate, secure, and improve the Services;
Authenticate you and protect your account;
Compute analytics and decision-support outputs (Greeks, probabilities, scores, ranked candidates);
Send service communications (account notices, security alerts, beta updates) and, only with your consent, marketing emails — you can unsubscribe at any time;
Detect, investigate, and prevent abuse, fraud, security incidents, and violations of our Terms;
Comply with legal obligations and respond to lawful requests;
Compute aggregated, de-identified statistics about platform usage and model performance.

We do not use your portfolio data to train any general-purpose machine-learning model, and we do not use your data to make automated decisions that have legal or similarly significant effects on you.

4.Legal bases (GDPR users)

If you are in the European Economic Area, the United Kingdom, or another jurisdiction with similar law, we process personal data under the following bases:

Contract. To provide the Services and perform our Terms with you.
Legitimate interests. To secure the platform, prevent abuse, improve our models, and conduct business analytics, balanced against your rights.
Consent. For marketing emails and any non-essential cookies.
Legal obligation. To comply with applicable law.

The Services are operated from the United States and are intended for U.S. residents. If you are outside the United States and choose to use the Services, you do so at your own risk and consent to the transfer of your information to the United States, which may have different data-protection laws than your home country.

5.How we share information

We do not sell your personal information. We share information only as described below.

5.1 Service providers

We share information with vendors who process it on our behalf under written contracts that restrict their use of the data to providing services to us:

Provider	Purpose	What it sees
Amazon Web Services (AWS)	Hosting, database, storage, networking	All platform data (encrypted at rest)
AWS Cognito	User authentication	Email, hashed password, session tokens
Amazon RDS / S3	Database and file storage	Account data, portfolio data, telemetry
Tradier, Finnhub	Market and event data	Tickers and watchlist symbols (not your name)
Anthropic (Claude)	LLM inference for thesis text	Ticker, event metadata, sanitized model outputs — not your name, email, or full portfolio
Email delivery (Amazon SES or comparable)	Transactional and consented marketing email	Email address, message content
Error monitoring & analytics	Diagnose bugs, measure usage	Request metadata, stack traces, anonymized event counts

5.2 Legal and safety

We may disclose information if we believe in good faith that disclosure is necessary to (a) comply with applicable law, regulation, subpoena, or court order; (b) enforce our Terms; (c) protect the rights, property, or safety of QuantMint, our users, or others; or (d) detect and prevent fraud, security, or technical issues.

5.3 Business transfers

If QuantMint is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or part of its assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or use of your information in advance.

5.4 With your consent

We may share information for any other purpose with your consent.

6.Cookies & analytics

We use cookies and similar technologies for three purposes: (a) strictly necessary — to keep you logged in and to maintain CSRF protection; (b) preferences — to remember your settings, such as theme; and (c) analytics — to understand which features are used and where users encounter errors. You can control cookies through your browser; disabling strictly-necessary cookies will break sign-in and other core features.

7.Security

We use commercially reasonable administrative, technical, and physical safeguards designed to protect your information. These include encryption in transit (TLS 1.2+), encryption at rest (AWS-managed KMS), least-privilege IAM, network isolation, password hashing in Cognito, row-level tenant isolation in our database (every query is scoped to your account), audit logging, and regular dependency and infrastructure updates. No system is perfectly secure, and we cannot guarantee absolute security. If you become aware of a security vulnerability, please report it to [email protected].

8.Data retention

We retain personal data for as long as your account is active and for a reasonable period thereafter to comply with legal obligations, resolve disputes, and enforce agreements. By default:

Account profile and preferences: retained for the life of the account.
Uploaded portfolio data and snapshots: retained for the life of the account; you can delete prior uploads at any time from the Portfolio page.
Server logs and telemetry: retained for up to 12 months.
Backups: encrypted backups are retained for up to 35 days.
Communications with us (email): retained for up to 7 years for legal and audit purposes.

When you delete your account, we delete or de-identify your personal data within 30 days, except where retention is required by law.

9.Your rights

Depending on where you live, you may have the following rights:

Access — ask for a copy of the personal data we hold about you;
Correction — ask us to correct inaccurate data;
Deletion — ask us to delete your data (subject to legal exceptions);
Portability — ask for a machine-readable export of your data;
Restriction or objection — ask us to restrict or stop certain processing;
Withdraw consent — for processing based on consent (such as marketing email);
Complain — lodge a complaint with your local data-protection authority.

To exercise any of these rights, email [email protected]. We will respond within 30 days (or such shorter period required by law). We do not discriminate against users who exercise their rights.

10.CCPA/CPRA disclosures (California residents)

This section supplements the rest of this Policy and applies to California residents under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, “CCPA”).

Categories of personal information we collect: identifiers (name, email, IP), customer records (account profile), commercial information (subscription status, if any), internet/network activity (usage telemetry), geolocation (approximate, from IP), and inferences drawn from the foregoing (e.g., feature usage clusters). We collect these categories from you, from your device, and from the third parties listed in Section 5.

We do not sell or “share” personal information for cross-context behavioural advertising as those terms are defined under the CCPA. We do not knowingly handle personal information of consumers under 16.

California residents have the right to know, delete, correct, and to limit the use of sensitive personal information. To exercise these rights, email [email protected]. We will verify your identity using information already on file. You may also designate an authorized agent to make a request on your behalf, subject to verification.

11.Children

The Services are not directed to children under 18, and we do not knowingly collect personal information from anyone under 18. If you believe a child has provided us personal information, contact us at [email protected] and we will delete it.

12.International transfers

The Services are hosted in the United States. If you access the Services from outside the United States, your information will be transferred to, processed in, and stored in the United States. Where required by law, we use appropriate safeguards (such as the European Commission's Standard Contractual Clauses) for international transfers.

13.Do Not Track

Our Services do not currently respond to Do Not Track (DNT) signals because no consistent industry standard exists. We treat all users the same.

14.Changes

We may update this Privacy Policy from time to time. If a change is material, we will give you reasonable advance notice (typically by email and an in-app banner) before the change takes effect. The current version is always available at www.quantmint.ai/legal/privacy.html.

15.Contact

QuantMint LLC
Attn: Privacy
Email: [email protected]

Table of contents