GDPR Compliance

Last Updated: November 6, 2025

GDPR Overview

QuantFlow is committed to protecting your personal data in compliance with the General Data Protection Regulation (GDPR). As a European-operated agency, GDPR compliance is native to our operations—not retrofitted.

Your data stays in Europe under strict data protection standards, giving you simpler compliance and stronger safeguards than US-based alternatives. GDPR compliance has been built in from day one.

Legal Basis for Processing

We process personal data under these legal bases:

Contract Performance (Art. 6(1)(b)): Processing necessary to fulfill software development contracts

Legitimate Interests (Art. 6(1)(f)): Website analytics and service improvement, balanced against your privacy rights

Consent (Art. 6(1)(a)): Marketing communications and non-essential cookies (you can withdraw anytime)

Legal Obligation (Art. 6(1)(c)): Tax compliance and financial record-keeping (7-year retention)

Your Rights Under GDPR

Under GDPR, you have comprehensive rights over your personal data:

Right to Access (Art. 15)

Request a copy of all personal data we hold about you. We will respond within 30 days with a comprehensive data export.

Right to Rectification (Art. 16)

Correct inaccurate or incomplete data. Update your information anytime by contacting our privacy team.

Right to Erasure (Art. 17)

Request deletion of your data ("right to be forgotten"). Exceptions apply for legal obligations such as tax records.

Right to Data Portability (Art. 20)

Receive your data in a structured, machine-readable format. We provide exports in JSON or CSV formats.

Right to Object (Art. 21)

Object to processing based on legitimate interests or direct marketing. Opt-out mechanisms are available for all marketing communications.

Right to Restrict Processing (Art. 18)

Limit how we process your data while investigating a dispute or verifying accuracy.

Data Processing & Security

We implement technical and organizational measures to protect your personal data:

Technical Safeguards

• End-to-end encryption (TLS 1.3)

• Encrypted European data centers

• Security audits and testing

• Multi-factor authentication

• Encrypted automated backups

Organizational Measures

• Role-based access control

• Annual data protection training

• Team confidentiality agreements

• Data Protection Impact Assessments

• Regular policy reviews

Data Retention Periods

Contact Inquiries: 2 years from last contact

Project Data: Contract duration + 7 years (tax compliance)

Analytics Data: 26 months maximum

Marketing Data: Until you opt out

Data Protection Officer

Our Data Protection Officer oversees GDPR compliance, data protection policies, and responds to data subject requests within the required 30-day timeframe.

QuantFlow Privacy Officer

Email: hello@quantflow.studio

Response within 30 days | GDPR compliant

How to Exercise Your Rights

To exercise any of your GDPR rights, follow these steps:

1. Send Your Request

Email hello@quantflow.studio with your specific request (access, rectification, erasure, etc.)

2. Identity Verification

We may ask for verification to ensure we are providing data to the right person and protecting your privacy.

3. We Respond Within 30 Days

As required by GDPR, we will respond to your request within 30 days with the requested information or action taken.

Right to Lodge a Complaint

If you believe we are not complying with GDPR, you have the right to lodge a complaint with a supervisory authority in your EU member state. However, we encourage you to contact us first so we can address your concerns directly.
