Privacy Policy

Effective Date: January 1, 2025

1. INTRODUCTION

This Privacy Policy explains how Quastra ("we," "us," or "our") collects, uses, protects, and shares your personal information when you use our cryptocurrency trading strategy backtesting platform. We are committed to protecting your privacy and handling your data transparently.

2. CONTROLLER INFORMATION

Data Controller: Quastra
Email: privacy@quastra.io

3. INFORMATION WE COLLECT

3.1 Personal Information You Provide
  • Account Information: Email address, username, password (securely hashed)
  • Profile Information: Account preferences and settings
  • Communication Data: Support requests and correspondence
3.2 Information from Third-Party Services
  • Google OAuth: Google ID, email address, profile information (only when you choose to sign in with Google)
3.3 Trading and Usage Data
  • Strategy Configurations: Technical indicators, parameters, trading rules you create
  • Backtest Data: Trading simulations, performance results, historical analyses
  • Platform Usage: Feature usage, session duration, platform interactions
3.4 Technical Information
  • Device Information: Browser type, operating system, device identifiers
  • Network Information: IP address, connection data
  • Cookies and Tracking: Essential cookies for authentication and preferences
  • Log Data: Security logs, error reports, performance metrics

4. LEGAL BASIS FOR PROCESSING (GDPR)

We process your personal data based on:

  • Contract Performance: To provide our services as agreed in our Terms of Service
  • Legitimate Interest: For security, fraud prevention, and service improvement
  • Consent: For optional features and communications (where required)
  • Legal Obligation: To comply with applicable laws and regulations

5. HOW WE USE YOUR INFORMATION

5.1 Service Provision
  • Create and manage your account
  • Execute backtests and generate trading analyses
  • Save and retrieve your trading strategies
  • Provide customer support
5.2 Security and Safety
  • Detect and prevent fraud and unauthorized access
  • Monitor for abuse and violations of our Terms
  • Maintain audit logs for security purposes
  • Implement rate limiting and usage controls
5.3 Service Improvement
  • Analyze usage patterns to enhance platform features
  • Monitor platform performance and reliability
  • Optimize user experience

6. INFORMATION SHARING

6.1 Third-Party Service Providers
  • Paddle: Payment processing (Merchant of Record) - only payment-related information
  • Google: Authentication services - only when you use Google OAuth
  • Resend: Email delivery services - only your email address for transactional emails
  • Binance API: Market data provider - no personal information shared
6.2 We Do Not
  • Sell your personal information to third parties
  • Share your trading strategies with other users
  • Use your data for advertising or marketing to third parties
  • Provide your information to data brokers or marketers
6.3 Legal Disclosures

We may disclose your information when required by law, legal process, or to protect our rights, property, or safety.

7. DATA RETENTION

7.1 Retention Periods
  • Account Data: Retained until account deletion
  • Backtest Results: Subject to plan limits and automatic cleanup
  • Security Logs: 30 days (or longer if required for investigations)
  • Financial Records: As required by applicable law (typically 7 years)
7.2 Data Deletion
  • Upon account deletion, we remove your personal data within 30 days
  • Some anonymized data may be retained for statistical purposes
  • Legal obligations may require longer retention for specific data types

8. DATA SECURITY

We implement appropriate technical and organizational measures:

  • Encryption: HTTPS for data transmission, encrypted database storage
  • Access Controls: Role-based access, multi-factor authentication
  • Security Monitoring: Continuous monitoring for threats and vulnerabilities
  • Regular Updates: Security patches and system updates
  • Staff Training: Regular privacy and security training for employees

9. YOUR PRIVACY RIGHTS

9.1 Rights Under GDPR/CCPA
  • Access: Request copies of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your personal data ("right to be forgotten")
  • Portability: Receive your data in a machine-readable format
  • Restriction: Limit how we process your data
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Revoke consent for voluntary processing
9.2 How to Exercise Your Rights
  • Account Settings: Modify most data through your account dashboard
  • Email Request: Contact privacy@quastra.com for formal requests
  • Response Time: We respond within 30 days (GDPR) or 45 days (CCPA)
  • Verification: We may request identity verification for security

10. COOKIES AND TRACKING

10.1 Essential Cookies
  • Authentication and session management
  • Security and CSRF protection
  • User preference storage
10.2 Third-Party Cookies
  • Google OAuth authentication (only when used)
  • No advertising or tracking cookies
10.3 Cookie Control

You can control cookies through your browser settings. Disabling essential cookies may affect platform functionality.

11. CHILDREN'S PRIVACY

11.1 Age Requirements
  • General: 18 years or older
  • EU Users: Must meet local digital consent age (13-16 years, varies by country)
11.2 Child Data Protection

We do not knowingly collect data from children under the applicable age limits. If we discover such collection, we immediately delete the information and terminate the account.

12. INTERNATIONAL DATA TRANSFERS

Your data may be transferred to and processed in countries outside your residence. We ensure appropriate safeguards are in place, including:

  • Adequacy Decisions: Transfers to countries deemed adequate by relevant authorities
  • Standard Contractual Clauses: EU-approved contract terms for data protection
  • Certification Programs: Participation in recognized privacy frameworks

13. CALIFORNIA PRIVACY RIGHTS (CCPA)

13.1 Categories of Personal Information

We collect identifiers, commercial information, internet activity, and professional information as described above.

13.2 Business Purposes

We use personal information for service provision, security, and improvement as detailed in Section 5.

13.3 No Sale of Personal Information

We do not sell personal information and have not sold personal information in the preceding 12 months.

14. DATA BREACH NOTIFICATION

In case of a data breach:

  • User Notification: Within 72 hours via email and platform notification
  • Authority Notification: As required by applicable law
  • Information Provided: Nature of breach, affected data, protective measures taken
  • Support: Guidance on protective steps you can take

15. UPDATES TO THIS POLICY

15.1 Policy Changes

We may update this Privacy Policy to reflect:

  • Changes in our data practices
  • New legal requirements
  • Enhanced privacy protections
15.2 Notification
  • Material Changes: 30 days' advance notice via email and platform notification
  • Minor Updates: Notice through platform or updated effective date
  • Continued Use: Constitutes acceptance of updated terms

16. CONTACT INFORMATION

16.1 Privacy Inquiries
  • Email: privacy@quastra.io
  • Response Time: Within 30 days
16.2 Supervisory Authority

You have the right to lodge a complaint with:

  • Turkey: Personal Data Protection Authority (KVKK)
  • EU: Your local data protection authority
  • California: California Attorney General's Office

Last Updated: January 1, 2025
© 2025 Quastra. All rights reserved.