Privacy Policy
Effective Date: June 16, 2026
1. Introduction
Q-Netix ("Q-Netix", "we", "us", or "our") operates the AI-powered portfolio optimization platform available at https://q-netix.tech (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use the Service. It also describes your rights under the General Data Protection Regulation (GDPR), the UK GDPR, and other applicable data-protection laws.
By registering for or using the Service you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Service.
2. Who We Are — Data Controller
For the purposes of GDPR and related legislation, the data controller is:
Company: Q-Netix
Website: https://q-netix.tech
Contact: privacy@q-netix.tech
Where we engage third-party processors to handle personal data on our behalf, we have entered into appropriate data-processing agreements that comply with Article 28 GDPR.
3. Information We Collect
3.1 Account and Registration Data
When you create an account we collect: Email address (used for account authentication via Supabase Auth, transactional communications via SendGrid, and billing notifications via Razorpay). Password (stored as a salted hash — we never store plaintext passwords). Account preferences and settings you configure within the Service.
3.2 Financial and Market Data You Provide
Stock ticker symbols uploaded by you for portfolio analysis. Optional portfolio metadata (e.g., position sizes, target allocations) you choose to input. We use the ticker symbols you provide to fetch publicly available market price data from Yahoo Finance. We do not access your brokerage accounts or hold custody of any securities.
3.3 Usage and Technical Data
Log files (IP address, browser type, operating system, pages visited, timestamps). Session identifiers and authentication tokens. API call metadata (request timing, feature usage, error logs). Device type and approximate geographic location derived from IP address.
3.4 Payment Data
Payments are processed by Razorpay Software Pvt Ltd. We do not store full payment card numbers on our servers. Razorpay provides us with a tokenised reference for billing purposes. Please review Razorpay's Privacy Policy at https://razorpay.com/privacy for details on how Razorpay processes your financial data.
3.5 Communications
When you contact our support team we retain a record of that correspondence, including any information you choose to provide.
4. How We Use Your Information
We process your personal data on the following legal bases under GDPR Article 6:
4.1 Performance of a Contract (Art. 6(1)(b))
Authenticating your identity and maintaining your account. Fetching market price data for the tickers you specify. Running portfolio optimization problems through our smart optimization engine and returning results to you. Processing payments for subscription plans via Razorpay. Sending transactional emails (account verification, password reset, billing receipts) via SendGrid.
4.2 Legitimate Interests (Art. 6(1)(f))
Improving the reliability, performance, and security of the Service. Detecting and preventing fraud, abuse, and unauthorised access. Conducting internal analytics to understand feature usage. Defending against legal claims.
4.3 Compliance with Legal Obligations (Art. 6(1)(c))
Retaining records required by applicable financial, tax, or regulatory law. Responding to lawful requests from public authorities.
4.4 Consent (Art. 6(1)(a))
Sending marketing or product update emails, where required — you may withdraw consent at any time by clicking the unsubscribe link in any marketing email or contacting privacy@q-netix.tech.
5. Third-Party Data Processors
We share personal data with the following processors solely to provide the Service. Each processor is bound by contractual data-processing obligations consistent with GDPR requirements.
5.1 Supabase, Inc. (Authentication & Database)
Role: Backend-as-a-service providing user authentication, session management, and primary data storage. Data shared: Email address, hashed password, session tokens, user-uploaded ticker data, query logs. Privacy Policy: https://supabase.com/privacy
5.2 Yahoo Finance / Yahoo! Inc. (Market Data)
Role: Source of publicly available real-time and historical market price data. Data shared: Ticker symbols provided by you (no personal data transmitted beyond the ticker string). Privacy Policy: https://legal.yahoo.com/us/en/yahoo/privacy/index.html
5.3 Groq, Inc. (AI Analysis)
Role: Large-language-model inference infrastructure used to generate AI-powered portfolio narrative and analytical commentary. Data shared: Portfolio analysis prompts containing ticker symbols, price data, and optimization output. Prompts are not linked to your email address or account identity. Privacy Policy: https://groq.com/privacy-policy/
5.4 Razorpay Software Pvt Ltd (Payment Processing)
Role: Secure payment processing and subscription billing. Data shared: Name, email address, billing address, payment card data (processed directly by Razorpay; we receive only a tokenised reference). Privacy Policy: https://razorpay.com/privacy
5.5 SendGrid / Twilio Inc. (Transactional Email)
Role: Email delivery infrastructure for transactional and (with consent) marketing communications. Data shared: Email address, email content. Privacy Policy: https://www.twilio.com/en-us/legal/privacy
We do not sell, rent, or trade your personal data to any third party for their own marketing purposes.
6. International Data Transfers
Some of our third-party processors are located outside the European Economic Area (EEA) or United Kingdom. Where personal data is transferred to a country not recognised as providing an adequate level of protection, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or other lawful transfer mechanisms, to safeguard your data.
7. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes described in this Privacy Policy, unless a longer retention period is required by law.
7.1 Retention Schedule
Account data (email, preferences): Retained for the duration of your active account plus 30 days following account deletion, to allow recovery of accidentally deleted accounts and to resolve outstanding disputes.
Transaction and billing records: Retained for 7 years from the date of the transaction to comply with tax and accounting legal obligations.
Portfolio and optimization data (tickers, optimization results, AI analysis): Retained for the duration of your active account. Deleted within 30 days of account closure unless retention is required by law.
Server and security logs: Retained for 90 days, except where extended retention is necessary to investigate a security incident or comply with a lawful request.
Support correspondence: Retained for 2 years from last contact.
Email engagement data: Retained for 12 months or until you unsubscribe.
7.2 Account Deletion
You may delete your account at any time from within the Service settings. Upon confirmed deletion, we will erase or anonymise your personal data within 30 days, subject to the legal retention exceptions noted above (e.g., billing records). Anonymised or aggregated data that cannot reasonably be linked to you may be retained indefinitely for statistical and product improvement purposes.
8. Your Rights Under GDPR
If you are located in the EEA, UK, or another jurisdiction that affords comparable data-subject rights, you have the following rights with respect to your personal data:
- Right of access (Art. 15): Request a copy of the personal data we hold about you.
- Right to rectification (Art. 16): Request correction of inaccurate or incomplete data.
- Right to erasure / "right to be forgotten" (Art. 17): Request deletion of your data where we no longer have a lawful basis to retain it.
- Right to restriction of processing (Art. 18): Request that we restrict processing of your data in certain circumstances.
- Right to data portability (Art. 20): Receive your data in a structured, commonly used, machine-readable format.
- Right to object (Art. 21): Object to processing based on legitimate interests or for direct marketing purposes.
- Right to withdraw consent (Art. 7(3)): Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
- Right to lodge a complaint: Lodge a complaint with your national supervisory authority (e.g., the ICO in the UK at https://ico.org.uk, or your EEA data protection authority).
To exercise any of these rights, contact us at privacy@q-netix.tech. We will respond within 30 days (extendable by two further months for complex requests, with notice). We may ask you to verify your identity before processing your request.
9. Cookies and Tracking Technologies
We use technically necessary cookies and session tokens to authenticate users and maintain session state. We do not use advertising or tracking cookies. Any analytics cookies we may deploy will be listed in our Cookie Notice, available on the Service, and will be subject to your consent where required by law.
10. Security
We implement industry-standard technical and organisational measures to protect your personal data, including TLS encryption in transit, AES-256 encryption for sensitive data at rest, least-privilege access controls, and regular security reviews. No method of transmission or storage is completely secure; in the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and, where required, affected users without undue delay.
11. Children
The Service is not directed to individuals under the age of 18 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact privacy@q-netix.tech and we will delete that data promptly.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (to the address associated with your account) or by a prominent notice on the Service at least 14 days before the change takes effect. Continued use of the Service after the effective date of any update constitutes acceptance of the revised Privacy Policy.
13. Contact
If you have questions, concerns, or requests relating to this Privacy Policy, please contact:
Email: privacy@q-netix.tech
Website: https://q-netix.tech