Privacy Policy

Last updated: 27 March 2026

1. Data Controller

Quantum Syndicate Ventures Ltd (CRN 17110348) is the data controller for personal data processed through our Services. We are registered with the UK Information Commissioner's Office (ICO) and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data We Collect

  • Account data: name, email, company name, billing address
  • Payment data: processed by Stripe; we do not store card numbers
  • Usage data: API call logs, feature usage, session metadata
  • Support data: communications via email or chat
  • Compliance data: KYC/AML screening results processed through ASTRAEA on your behalf

3. Lawful Basis

We process personal data under the following lawful bases:

  • Contract: to provide the Services you have subscribed to
  • Legitimate interest: to improve our Services, prevent fraud, and ensure security
  • Legal obligation: to comply with financial regulation and AML requirements
  • Consent: for marketing communications (opt-in only)

4. How We Use Your Data

We use collected data to: operate and bill for the Services; provide customer support; detect and prevent fraud; comply with legal obligations; improve product features; and send service-related notifications.

5. Data Sharing

We share data only with:

  • Stripe — payment processing
  • Microsoft Azure — cloud infrastructure hosting
  • Companies House — public company data lookups for KYC
  • Regulators — where required by law

We do not sell personal data. All sub-processors maintain equivalent data protection standards.

6. Data Storage & Security

Data is stored in UK/EEA Microsoft Azure data centres. We implement: TLS 1.2+ encryption in transit; AES-256 encryption at rest; role-based access control; audit logging; and regular security assessments.

7. Data Retention

Account and billing data: retained for the subscription term plus 6 years (HMRC requirement). API usage logs: 90 days. AML screening records: 5 years after the business relationship ends (Money Laundering Regulations 2017). Marketing preferences: until withdrawn.

8. Your Rights

Under UK GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase data (where no legal retention obligation applies)
  • Restrict or object to processing
  • Data portability
  • Withdraw consent at any time
  • Lodge a complaint with the ICO (ico.org.uk)

9. Cookies

Our website uses only essential cookies required for authentication and session management. We do not use tracking or advertising cookies.

10. International Transfers

Where data is transferred outside the UK, we ensure adequate safeguards through UK Standard Contractual Clauses or adequacy decisions.

11. Changes

We will notify you of material changes to this policy via email at least 30 days before they take effect.

12. Contact

Data protection enquiries: privacy@quantumsyndicate.ai

General enquiries: contact@quantumsyndicate.ai