Quantro Privacy Notice

This notice describes how Quantro accesses, collects, stores, uses and shares (“processes”) your personal information when you use our website, services and (in future) mobile app (collectively, the “Services”).

• We collect the financial profile data you give us so we can model your tax, allowances, projections and net worth.
• We do not process special-category or sensitive data (race, religion, health, political views, etc.).
• We do not sell your data, share it for advertising, or run third-party marketing trackers.
• The only sub-processors we use are Supabase, Stripe, Plaid and Netlify (full list in section 3).
• You can delete your account and all associated data at any time from Settings, Danger Zone.
• You have access, rectification, erasure, portability and objection rights under UK GDPR (section 9).

If you do not agree with any of the policies and practices described in this notice, please do not use the Services. Questions can be sent to the contact details in section 12.

Quantro is run from Waverley House, 9 Noel St, London W1F 8GQ. We are the data controller for the personal data described in this notice.

For data protection enquiries, see section 12 below.

In short: we collect the personal information you give us when you sign up and use the Services, plus a limited amount of technical information automatically when you visit. We do not process sensitive personal information.

Information you provide

• Account data: email address, hashed password (never stored in plaintext), display name.
• Personal profile: date of birth, age, marital or civil-partnership status, residency status, number of dependants, target retirement age, motivation goals, partner display name and date of birth (if you choose to add them).
• Financial profile: employment income (yours and partner’s), other income (dividends, savings interest, freelance, miscellaneous), pension pot balances and contribution history, ISA/LISA/GIA balances, cash savings and Premium Bonds, risk tolerance and investing attitude, annual household expenditure, Gift Aid donations.
• Property data: a label or address for each property, value, type, mortgage details, rental income and costs, ownership splits, Help-to-Buy details.
• Tactic decisions: tactics you mark actioned, dismissed, or where you record a contribution amount.
• Linked-account data, only if you authorise it: bank balances and limited transaction metadata via Plaid Open Banking; brokerage portfolio data via read-only API keys you generate at the brokerage and paste into Quantro. Quantro never receives your bank or brokerage password.
• Support correspondence: the content of emails you send us.

Information collected automatically

When you visit the Services we collect a limited set of technical information needed to operate them securely: IP address, browser and device characteristics, operating system, language preference, referring URL, country of access and timestamps of usage. This is needed to maintain security, prevent abuse and run basic uptime monitoring. We do not use this information to build advertising profiles or to track you across other websites.

Information you must keep accurate

All personal information you provide must be true, complete and accurate, and you must update it (in Settings, Personal Profile and Financial Profile) when it changes.

In short:we process your information to deliver Quantro’s tax, allowance and projection features, to take payment for Premium subscriptions, and to keep the Services secure.

We use your information to:

• Calculate your tax position, IHT exposure, allowance usage, scenario projections and matched tactics.
• Authenticate you, send sign-in or password-reset emails, and remember your preferences across sessions.
• Process Premium subscriptions: take payment, grant or revoke access, and email you billing receipts and subscription state changes.
• Send you allowance-deadline reminders, but only if you opt in.
• Improve the Services, fix bugs, run internal analytics on aggregate usage and prevent fraud and abuse.
• Comply with our legal obligations to HMRC and other UK regulators.

Our lawful bases under UK GDPR are:

• Performance of contract (Art 6(1)(b)) for delivering the Services and processing subscriptions.
• Legitimate interest (Art 6(1)(f)) for security, fraud prevention and product improvement.
• Consent (Art 6(1)(a)) for optional emails or features that ask for explicit opt-in.
• Legal obligation (Art 6(1)(c)) for HMRC tax record-keeping and law-enforcement requests.

We do not profile you for marketing, build advertising audiences, sell your data, or share it for marketing or analytics with anyone other than the sub-processors listed in section 3.

In short: we share your information only with the sub-processors that run Quantro, and only as necessary to deliver the Services. Each is bound by a written data-processing agreement that meets UK GDPR requirements.

• Supabase, Inc. (United States; data stored in EU/UK regions): primary database, authentication and file storage. AES-256 encryption at rest, TLS 1.2+ in transit.
• Stripe Payments UK, Ltd. (United Kingdom, with Stripe, Inc. in the US for backend processing): payment processing and subscription management. Quantro never sees your card number, CVC or expiry.
• Plaid Financial Ltd. (United Kingdom, with Plaid, Inc. in the US): Open Banking aggregation, only if you choose to link a bank account. Plaid never shares your bank credentials with us.
• Netlify, Inc. (United States): application hosting and content delivery network.
• Google LLC (United States): only if you choose to sign in with Google. We receive your email address and basic profile info from Google in line with their standard OAuth scopes.
• PostHog Inc. (data hosted in the EU): server-side product analytics. We send PostHog a small set of events from our server: sign-up, onboarding step completed, upgrade clicked, subscription started or cancelled, and a pageview event each time you navigate within the app (recording the path you visited, e.g. /dashboard, never the data on it). All events are tagged with your Supabase user ID only. We never send PostHog your name, email, financial figures, property values, or anything you've entered into your profile. No PostHog cookies or scripts run in your browser.

Other situations

• Business transfers: if Quantro is sold, merged or restructured, your information may transfer to the acquirer. We will notify you in advance and your rights under this notice will be preserved.
• Legal requirements: we may share your information where we are legally compelled to (court order, regulatory request, fraud investigation), or where doing so is necessary to protect our rights, our users or the public.

We do not have affiliates, joint-venture partners, or business partners who receive your data for marketing.

In short: we use only strictly-necessary session cookies to keep you signed in. We do not use analytics cookies, advertising cookies, web beacons, browser pixels or in-page tracking scripts, and we do not display advertising on the Services. We do use one server-side analytics provider (PostHog, EU region) to record a small set of funnel events tied to your Supabase user ID; this happens entirely on our server and sets nothing in your browser.

Because we use only strictly-necessary cookies, the law does not require us to display a cookie banner under UK PECR / ICO guidance. Authentication uses HTTP-only cookies, which JavaScript cannot read, set by our authentication provider Supabase.

Full details are in our Cookie Policy. If, in future, we add any cookies that are not strictly necessary, we will update that policy and request your consent before any are set.

In short: if you choose to sign in with Google, we receive your email address and basic profile information from Google.

Quantro offers the option to register or sign in with a Google account. If you do, Google sends us your email address, your name and a Google account identifier so we can create or match your Quantro account. We use this information only for authentication, not for marketing. If you stop signing in with Google, we keep your Quantro account active and you can switch to email/password authentication at any time.

Google’s own privacy practices govern how they handle your data. Review Google’s privacy policy at policies.google.com/privacy.

In short: some of our sub-processors are based in or transfer data to the United States. Your data is encrypted in transit and at rest, and these transfers are protected by UK-recognised legal safeguards.

Specifically, transfers rely on:

• The UK Extension to the EU-US Data Privacy Framework, where the recipient is certified.
• UK International Data Transfer Agreements or Standard Contractual Clauses approved by the UK Information Commissioner, where they are not.

If you would like to see the safeguards in place for any specific transfer, email support@quantro.one.

In short: we keep your information for as long as it is necessary for the purposes set out in this notice, or longer where law requires.

• Active accounts: while your account exists.
• Database backups: a rolling 30-day window of encrypted backups, after which deleted data ages out completely.
• Closed accounts: account and profile data are removed from our primary database immediately when you delete your account in Settings, Danger Zone. Backups age out within 30 days.
• Payment records: retained for up to 7 years after the last transaction, in line with HMRC tax record-keeping requirements, even after account deletion.
• Support correspondence: retained for up to 2 years.

Where it is not technically possible to delete a piece of data immediately (for example because it sits in a backup archive), we securely store it and isolate it from any further processing until deletion is possible.

In short: Quantro is for adults aged 18 or over. We do not knowingly collect data from children.

By using Quantro you confirm that you are at least 18 years old. If we learn that we have collected data from a child under 18 we will deactivate that account and delete the data promptly. If you believe a child has provided us data, email support@quantro.one.

In short: under UK GDPR you can review, change, export and delete your personal information at any time.

You have the right to:

• Access the personal data we hold about you
• Rectify inaccurate or incomplete data (you can edit most fields yourself in Settings, Personal Profile and Financial Profile)
• Erase your data: delete your account and all associated data via Settings, Danger Zone, or by emailing us
• Restrict our processing
• Object to processing based on legitimate interest
• Data portability: request a machine-readable export of your data
• Withdraw consent at any time, where consent is the lawful basis
• Avoid solely automated decision-making with legal or similarly significant effects: Quantro does not make any such decisions about you

To exercise any right, email support@quantro.one. We will respond within 30 days, and there is no charge unless your request is manifestly unfounded or excessive. Withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal.

You also have the right to complain to the UK Information Commissioner’s Office:

• Website: ico.org.uk/make-a-complaint
• Helpline: 0303 123 1113

Quantro does not track you across websites and does not use any in-browser tracking technologies. The only analytics we run is server-side (see section 3 on sub-processors) and does not interact with your browser, so Do-Not-Track signals have nothing to act on. If we ever introduce client-side analytics, we will update our Cookie Policy, respect DNT signals, and offer an in-app opt-out.

We may update this notice from time to time. The “Last updated” date at the top of this page reflects the most recent revision. If we make material changes that affect your rights, we will email you or display an in-app notice at least 14 days before the change takes effect. Continuing to use Quantro after a change indicates acceptance of the updated notice.

For data protection enquiries and general correspondence, write to:

Quantro
Waverley House
9 Noel St
London W1F 8GQ
United Kingdom

Email: support@quantro.one

The fastest way to review, update or delete the data we hold is from inside Quantro:

• Review and update: Settings, Personal Profile and Financial Profile let you edit almost every field we hold about you.
• Delete: Settings, Danger Zone has “Delete account”. Deletion is immediate from our primary database and ages out of backups within 30 days.
• Export: for a machine-readable copy of all your data, email support@quantro.one.

For anything you cannot reach yourself, email support@quantro.one and we will action your request within 30 days.