Skip to main content
Publishedv1.0.1

Privacy Policy

How we collect, use, protect, and share your personal information when you interact with our services.

Owner
Compliance Steward <legal@quantumpoly.ai>
Last Reviewed
Next Review Due

Introduction

At QuantumPoly, we respect your privacy and are committed to protecting your personal data. This Privacy Policy transparently explains what information we collect, how we process it, and your rights under the European General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (DSG 2023).

Important: This Privacy Policy is provided for informational purposes only and does not constitute legal advice.

1. Data Controller

The data controller under GDPR and DSG is:

QuantumPoly
Owner: Aykut Aydin
Eimeldingerweg 23
4057 Basel
Switzerland

Email: legal@quantumpoly.ai
Website: https://www.quantumpoly.ai

2. Contact for Data Protection Inquiries

For all data protection inquiries, access requests, or complaints, please contact:

Email: legal@quantumpoly.ai
Postal Address: See Section 1 (Data Controller)

We typically respond to inquiries within 30 days.

3. Collection and Processing of Personal Data

3.1 Newsletter Subscription

Processed Data:

  • Email address
  • Subscription timestamp
  • IP address (for abuse prevention)

Legal Basis: Consent (Art. 6(1)(a) GDPR / Art. 6(1) DSG)

Purpose: Sending information about research results, news, and updates from QuantumPoly

Retention Period: Until you withdraw your consent (unsubscribe from newsletter)

Withdrawal: You can unsubscribe at any time via the unsubscribe link in each newsletter email or by emailing legal@quantumpoly.ai.

3.2 Contact Form and Email Inquiries

Processed Data:

  • Name (optional)
  • Email address
  • Message content
  • Timestamp

Legal Basis: Legitimate interest in responding to your inquiry (Art. 6(1)(f) GDPR / Art. 6(1) DSG)

Purpose: Processing and responding to your inquiries

Retention Period: Until your inquiry is fully processed, up to a maximum of 24 months

3.3 Server Logs and Technical Data

Processed Data:

  • IP address (anonymized after 7 days)
  • Browser type and version
  • Operating system
  • Referrer URL (previous page)
  • Access timestamp
  • Data transfer volume

Legal Basis: Legitimate interest in system security and technical error analysis (Art. 6(1)(f) GDPR / Art. 6(1) DSG)

Purpose:

  • Technical provision of the website
  • Detection and defense against cyber attacks
  • Error analysis and system optimization

Retention Period: 7 days (then automatically anonymized)

Hosting Provider: Vercel Inc., USA (see Section 5)

3.4 Cookies and Tracking Technologies

Technically Necessary Cookies:

  • Session cookies for language preferences (duration: end of session)
  • Theme preference (light/dark mode, stored locally in browser)
  • Consent preferences (stored locally in browser)

These technically necessary cookies do not require consent under Art. 6(1)(f) GDPR.

Analytics Tools (Optional - Requires Consent):

We use Vercel Analytics to understand how visitors interact with our website and improve user experience.

Processed Data:

  • Anonymized page views
  • Anonymized navigation patterns
  • Device type and browser information (aggregated)
  • Geographic location (country-level only)

Legal Basis: Consent (Art. 6(1)(a) GDPR / Art. 6(1) DSG)

Provider: Vercel Inc., 440 N Barranca Ave #4133, Covina, CA 91723, USA

Privacy-Friendly Features:

  • Cookie-free tracking: No cookies are set by Vercel Analytics
  • No personal data collection: All data is anonymized and aggregated
  • GDPR-compliant by design: Meets all EU data protection requirements
  • No cross-site tracking: Data is not shared with third parties
  • Opt-in only: Analytics are activated only after explicit user consent

Your Choice:
You can manage your analytics preferences at any time via our Consent Settings page. Withdrawing consent will immediately disable analytics tracking.

Data Processing Agreement:
Vercel Inc. acts as a data processor under Art. 28 GDPR. A Data Processing Agreement (DPA) is in place ensuring GDPR compliance.

Privacy Policy: https://vercel.com/legal/privacy-policy

4. Legal Basis for Data Processing

We process personal data exclusively based on the following legal grounds:

  • Consent (Art. 6(1)(a) GDPR): Newsletter subscription
  • Legitimate Interest (Art. 6(1)(f) GDPR): Server logs, contact forms, system security
  • Legal Obligation (Art. 6(1)(c) GDPR): Retention of tax-relevant data (if applicable)

5. Recipients and Data Transfers to Third Parties

5.1 Hosting Provider

Vercel Inc.
440 N Barranca Ave #4133
Covina, CA 91723
USA

Processed Data: Server logs, IP addresses, technical request data

Legal Basis for Third Country Transfer: Standard Contractual Clauses of the European Commission (Art. 46(2)(c) GDPR)

Purpose: Technical provision and operation of the website

Privacy Policy: https://vercel.com/legal/privacy-policy

Vercel is GDPR-compliant and meets the requirements of the Schrems II ruling through the use of Standard Contractual Clauses and additional technical protective measures.

5.2 No Other Third Parties

We currently do not use any other service providers for analytics, marketing, or tracking.

Future Integrations:
Should additional service providers be added (e.g., email delivery services, analytics), we will transparently list them in this Privacy Policy and ensure that data processing agreements under Art. 28 GDPR are concluded.

6. Data Transfers to Third Countries

Personal data is transferred exclusively to Vercel Inc. (USA). This transfer is based on:

  • Standard Contractual Clauses (SCC)
  • Technical and organizational measures under Art. 32 GDPR
  • Transparency obligations under the Schrems II ruling (ECJ C-311/18)

No transfers to other third countries without an adequacy decision occur.

7. Retention Periods

| Data Type | Retention Period | | ----------------------------- | --------------------------------------- | | Newsletter subscriptions | Until unsubscribe | | Contact form inquiries | Until processed, max. 24 months | | Server logs (IP addresses) | 7 days (then anonymized) | | Technically necessary cookies | End of session or until manual deletion |

After the retention period expires, data is promptly deleted or anonymized unless legal retention obligations exist.

8. Your Rights as Data Subject

Under GDPR and DSG, you have the following rights:

8.1 Right of Access (Art. 15 GDPR)

You have the right to obtain information about what personal data we have stored about you.

8.2 Right to Rectification (Art. 16 GDPR)

You can request the correction of inaccurate or incomplete data.

8.3 Right to Erasure (Art. 17 GDPR)

You can request the deletion of your data if:

  • The data is no longer necessary for the purposes
  • You have withdrawn your consent
  • You have objected to processing
  • The data has been unlawfully processed

8.4 Right to Restriction of Processing (Art. 18 GDPR)

You can request restriction of processing if:

  • The accuracy of the data is contested
  • The processing is unlawful
  • We no longer need the data, but you need it for legal claims

8.5 Right to Data Portability (Art. 20 GDPR)

You have the right to receive your data in a structured, machine-readable format (e.g., JSON, CSV).

8.6 Right to Object (Art. 21 GDPR)

You can object to the processing of your data for reasons arising from your particular situation.

8.7 Withdrawal of Consent

If processing is based on your consent (e.g., newsletter), you can withdraw it at any time with effect for the future.

8.8 Right to Lodge a Complaint with Supervisory Authorities

You have the right to lodge a complaint with a data protection supervisory authority.

Competent Supervisory Authority (Switzerland):
Federal Data Protection and Information Commissioner (FDPIC)
Feldeggweg 1
3003 Bern
Switzerland
Website: https://www.edoeb.admin.ch

Competent Supervisory Authority (EU/EEA):
Contact the data protection authority of your country of residence.

Exercising Your Rights:
Contact us by email at legal@quantumpoly.ai. We will process your request within 30 days.

9. Security Measures

We implement technical and organizational measures under Art. 32 GDPR to protect your data from unauthorized access, loss, manipulation, or destruction:

  • Transport Layer Security (TLS): All data transmissions are encrypted (HTTPS)
  • Content Security Policy (CSP): Protection against Cross-Site Scripting (XSS) and code injection
  • Strict-Transport-Security (HSTS): Enforced HTTPS connections
  • Access Controls: Restricted access to personal data (need-to-know principle)
  • Regular Security Reviews: Automated tests and manual audits
  • Anonymization: Automatic anonymization of IP addresses after 7 days

Despite these measures, absolute security cannot be guaranteed. We recommend not transmitting sensitive information unencrypted via email.

10. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy at any time to reflect changes in our processing practices, legal requirements, or new features.

Notification of Material Changes:

  • Update of the "Last Updated" date
  • Increase of version number
  • For material changes: Email notification to newsletter subscribers

We recommend reviewing this Privacy Policy regularly.

11. Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal data from children under 16. If we learn that we have inadvertently collected data from a child, we will delete it promptly.

12. Contact and Additional Information

For questions, comments, or complaints about this Privacy Policy or our data protection practices, please contact us:

Data Protection Officer / Controller:
Aykut Aydin
QuantumPoly
Eimeldingerweg 23
4057 Basel
Switzerland
Email: legal@quantumpoly.ai

Response Time: Typically within 30 days under Art. 12(3) GDPR.

13. External Links

Our website contains links to external third-party websites. We have no influence over their data protection practices and assume no responsibility for their content or privacy policies. We recommend reviewing the privacy policies of the linked websites.

14. Legal Notices

14.1 Applicable Law

This Privacy Policy is governed by Swiss law, in particular the revised Federal Act on Data Protection (DSG 2023). For individuals in the EU/EEA, the General Data Protection Regulation (GDPR) additionally applies.

14.2 Disclaimer

This Privacy Policy is provided for informational purposes only and does not constitute legal advice. For specific legal questions, please consult a data protection attorney.

14.3 Imprint

For legal information about the operator of this website, please refer to our Imprint.

Last Updated: November 25, 2025 Version: v1.0.1 Status: Legally reviewed and approved Effective Date: November 25, 2025