Privacy Policy

This Privacy Policy explains how Quanteaser (“we”, “us”) collects, uses and protects your personal data when you use our website and services (the “Service”). We are committed to processing your data in accordance with the EU General Data Protection Regulation (GDPR) and applicable French law.

1. Data controller

The data controller is [company legal name], registered at [registered address] ([SIRET / RCS number]). For any privacy request, contact us at quanteaser@proton.me.

2. Information we collect

Information you provide

• Account data: email address, full name, username, password (stored only as a salted hash).
• Optional profile data: status (student/professional), school, graduation year, LinkedIn URL.
• Referral code you enter at sign-up, if any.

Information generated by your use

• Practice activity: answers submitted, questions completed, bookmarks, progress.
• Technical data needed to operate the Service (e.g. session identifiers, basic logs).

We do not knowingly collect special categories of data, and we do not sell your personal data.

3. Purposes and legal bases

• Provide and secure the Service, manage your account — performance of a contract.
• Process subscriptions and payments — performance of a contract.
• Send transactional emails (verification, password reset, welcome) — performance of a contract / legitimate interest.
• Track your progress and personalize your experience — performance of a contract.
• Maintain security, prevent abuse and comply with legal obligations — legitimate interest / legal obligation.

4. Service providers (processors)

We share data with the following providers strictly to operate the Service:

• Neon — managed PostgreSQL database hosting.
• Resend — transactional email delivery.
• Stripe — subscription billing and payment processing (we never store your card details).
• [application hosting provider] — application hosting.

Each processor acts on our instructions under a data processing agreement. We may also disclose data where required by law.

5. International transfers

Some providers may process data outside the EU/EEA. Where this occurs, transfers are governed by appropriate safeguards such as the European Commission's Standard Contractual Clauses.

6. Data retention

• Account and profile data: kept while your account is active, then deleted within [retention period, e.g. 30 days] after account closure.
• Practice activity: kept while your account is active.
• Billing records: retained as required by accounting and tax law.

7. Your rights

Under the GDPR, you have the right to:

• access your data and obtain a copy;
• rectify inaccurate data (directly from your account page);
• erase your data and delete your account;
• restrict or object to certain processing;
• data portability;
• lodge a complaint with the CNIL (the French supervisory authority).

To exercise these rights, email quanteaser@proton.me.

8. Cookies

We use only strictly necessary cookies required for authentication and security (e.g. your session cookie). We do not use advertising or third-party tracking cookies.

9. Data security

We apply technical and organizational measures to protect your data, including encryption in transit, hashed passwords and access controls. No method of transmission or storage is completely secure.

10. Children

The Service is not directed to children under 16. We do not knowingly collect data from children under 16.

11. Changes

We may update this policy. Material changes will be communicated through the Service or by email. The “Last updated” date reflects the latest revision.

12. Contact

Questions about this policy? Email quanteaser@proton.me.