ChatQuant — AI Trading Agents, No Code Required

ChatQuant

Legal

Privacy Policy

Effective date: May 26, 2026

Summary: We collect only what we need to run the platform. We never sell your data. Your API keys are encrypted at rest. You can delete your account and all associated data at any time.

1. Who We Are

ChatQuant ("we", "us", "our") operates the ChatQuant platform accessible at chatquant.ai. We provide AI-powered trading agent software that generates market signals for educational and informational purposes only.

For privacy inquiries, contact us at legal@chatquant.ai.

2. Data We Collect

We collect the minimum data needed to operate the platform. Below is everything we may collect, grouped by category.

2.1 Account Data

When you register: full name, email address, hashed password (bcrypt), account creation timestamp, and last login timestamp. OAuth sign-ins via Google return your name, email, and profile picture URL — we store only name and email.

2.2 Agent Configuration Data

Trading agent settings you configure: strategy parameters, interval settings, safety constraints, signal channel preferences, and trading window configuration. This data is necessary to operate your agents.

2.3 API Keys & Credentials

Third-party API keys you provide (e.g., Alpaca brokerage credentials) are encrypted at rest using AES-256-GCM with unique per-record IVs. Keys are transmitted over TLS 1.3 only and are never logged in plaintext.

2.4 Trading Activity Data

Paper trading performance data, order history, equity curves, portfolio snapshots, and signal logs generated by your agents. This data is used to display your dashboard and compute leaderboard rankings.

2.5 Billing Data

Credit balance, top-up transaction history (amount, timestamp, reference), and subscription tier. We do not store raw card numbers — payment processing is handled entirely by our payment processor. We store only transaction metadata.

2.6 Technical & Usage Data

Server-side logs (IP address, request path, HTTP status, response time, error traces) retained for 30 days. Agent execution logs retained for 90 days. We may collect browser type and OS from HTTP User-Agent headers for debugging purposes.

2.7 Communication Data

If you contact us via email or support channels, we retain that correspondence to resolve your inquiry and improve the service.

3. How We Use Your Data

We use your data exclusively to:

Create and maintain your account
Run your AI trading agents on your behalf
Deliver signals via your configured channels (Discord, Telegram, Webhook, Google Sheets)
Display performance metrics and leaderboard rankings
Process billing and credit management
Send transactional emails (account, billing, alerts)
Diagnose errors and maintain platform reliability
Comply with applicable law and enforce our Terms

We do not use your data for advertising, profiling, or selling to third parties. We do not train AI models on your personal trading data or strategy configurations.

4. Legal Bases for Processing

Where GDPR applies, we rely on the following legal bases for processing personal data:

Performance of Contract

Processing your account data, agent configurations, and trading activity is necessary to deliver the service you signed up for.

Legitimate Interests

Server logs, error tracking, and security monitoring are necessary for our legitimate interest in maintaining a secure and reliable platform.

Legal Obligation

We may retain certain records to comply with applicable financial, tax, and anti-fraud regulations.

Consent

Where we request your consent (e.g., marketing emails), you may withdraw it at any time by contacting us or using the unsubscribe link.

5. Third-Party Services

We use the following sub-processors and third-party services to operate the platform. Each has its own privacy policy.

Provider	Purpose	Data Shared
Supabase / PostgreSQL	Database hosting	All structured user data
Vercel	App hosting & CDN	HTTP request logs, IP addresses
Anthropic	AI model inference	Agent prompts, market context (no personal identifiers sent)
Alpaca Markets	Paper/live trade execution	Alpaca API key (encrypted), order data
Upstash QStash	Scheduled job delivery	Agent IDs, schedule configuration
Google (OAuth)	Optional sign-in	Name, email (if you use Google sign-in)
Payment Processor	Credit top-ups	Transaction amount (card data processed by provider only)

We do not sell or rent your personal data to any third party. Sub-processors are contractually required to protect your data and use it only for the specified purpose.

6. Data Retention

Active Accounts

Your data is retained for as long as your account is active. You may delete your account at any time; we will erase your personal data within 30 days of a deletion request.

Trading & Performance Data

Agent snapshots, signal logs, and performance metrics are retained for 2 years from creation, or until you delete them, whichever comes first.

Billing Records

Transaction records are retained for 7 years to comply with applicable tax and accounting obligations, even after account deletion.

Server Logs

Access logs are retained for 30 days. Error/exception traces are retained for 90 days and contain no personal financial data.

7. Cookies & Local Storage

We use a minimal set of cookies and browser storage:

Session cookie: Secure, HttpOnly, SameSite=Strict. Required for authentication. Expires on browser close or after 7 days of inactivity.
Preference storage (localStorage): Stores non-personal UI preferences (theme, collapsed panels). No tracking identifiers.

We do not use third-party advertising cookies, cross-site tracking pixels, or analytics fingerprinting. We do not use Google Analytics or similar tracking SDKs.

8. Security Measures

We implement technical and organisational measures to protect your data:

AES-256-GCM encryption for API keys and sensitive credentials at rest
TLS 1.3 for all data in transit
bcrypt password hashing (never stored in plaintext)
Role-based access control — staff cannot access user API keys
Automated security scanning and dependency audits in CI/CD pipeline
Database access restricted to application servers via VPC

No system is 100% secure. If you discover a security vulnerability, please disclose it responsibly to legal@chatquant.ai.

10. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

Right to Know: Request disclosure of the categories and specific pieces of personal information we collect.
Right to Delete: Request deletion of personal information we have collected.
Right to Correct: Request correction of inaccurate personal information.
Right to Opt-Out of Sale: We do not sell personal information. No opt-out is necessary.
Right to Non-Discrimination: We will not discriminate against you for exercising CCPA rights.

To exercise these rights, contact legal@chatquant.ai. We will verify your identity before processing requests.

11. Panama Data Protection Law

ChatQuant is operated under the laws of the Republic of Panama. We comply with Panama's Law No. 81 of 2019 on Personal Data Protection and its regulations (Executive Decree 285 of 2021).

Under Law 81, you have the rights to access, rectify, cancel, and oppose the processing of your personal data ("ARCO rights"). To exercise ARCO rights, contact legal@chatquant.ai.

12. International Data Transfers

Your data may be processed in the United States and other countries by our sub-processors (Vercel, Supabase, Anthropic, Upstash). Where transfers occur from the EEA or UK, we rely on Standard Contractual Clauses (SCCs) or equivalent mechanisms approved by relevant supervisory authorities.

13. Children's Privacy

The platform is not directed at persons under 18 years of age. We do not knowingly collect personal data from children. If you believe a child has created an account, contact us at legal@chatquant.ai and we will delete the account and associated data promptly.

14. Changes to This Policy

We may update this Privacy Policy periodically. When we make material changes, we will update the effective date at the top of this page and, where required by law, notify you by email at least 30 days before the changes take effect.

Your continued use of the platform after the effective date constitutes acceptance of the updated policy. If you disagree with the changes, you may delete your account before the effective date.

15. Contact Us

For privacy inquiries, data requests, or to report a concern:

ChatQuant

Email: legal@chatquant.ai

Subject line: "Privacy Request — [Topic]"

Response time: within 30 calendar days

Legal

Privacy Policy

Effective date: May 26, 2026

Summary: We collect only what we need to run the platform. We never sell your data. Your API keys are encrypted at rest. You can delete your account and all associated data at any time.

1. Who We Are

For privacy inquiries, contact us at legal@chatquant.ai.

2. Data We Collect

We collect the minimum data needed to operate the platform. Below is everything we may collect, grouped by category.

2.1 Account Data

2.2 Agent Configuration Data

2.3 API Keys & Credentials

2.4 Trading Activity Data

2.5 Billing Data

2.6 Technical & Usage Data

2.7 Communication Data

If you contact us via email or support channels, we retain that correspondence to resolve your inquiry and improve the service.

3. How We Use Your Data

We use your data exclusively to:

Create and maintain your account
Run your AI trading agents on your behalf
Deliver signals via your configured channels (Discord, Telegram, Webhook, Google Sheets)
Display performance metrics and leaderboard rankings
Process billing and credit management
Send transactional emails (account, billing, alerts)
Diagnose errors and maintain platform reliability
Comply with applicable law and enforce our Terms

We do not use your data for advertising, profiling, or selling to third parties. We do not train AI models on your personal trading data or strategy configurations.

4. Legal Bases for Processing

Where GDPR applies, we rely on the following legal bases for processing personal data:

Performance of Contract

Processing your account data, agent configurations, and trading activity is necessary to deliver the service you signed up for.

Legitimate Interests

Server logs, error tracking, and security monitoring are necessary for our legitimate interest in maintaining a secure and reliable platform.

Legal Obligation

We may retain certain records to comply with applicable financial, tax, and anti-fraud regulations.

Consent

Where we request your consent (e.g., marketing emails), you may withdraw it at any time by contacting us or using the unsubscribe link.

5. Third-Party Services

We use the following sub-processors and third-party services to operate the platform. Each has its own privacy policy.

Provider	Purpose	Data Shared
Supabase / PostgreSQL	Database hosting	All structured user data
Vercel	App hosting & CDN	HTTP request logs, IP addresses
Anthropic	AI model inference	Agent prompts, market context (no personal identifiers sent)
Alpaca Markets	Paper/live trade execution	Alpaca API key (encrypted), order data
Upstash QStash	Scheduled job delivery	Agent IDs, schedule configuration
Google (OAuth)	Optional sign-in	Name, email (if you use Google sign-in)
Payment Processor	Credit top-ups	Transaction amount (card data processed by provider only)

We do not sell or rent your personal data to any third party. Sub-processors are contractually required to protect your data and use it only for the specified purpose.

6. Data Retention

Active Accounts

Your data is retained for as long as your account is active. You may delete your account at any time; we will erase your personal data within 30 days of a deletion request.

Trading & Performance Data

Agent snapshots, signal logs, and performance metrics are retained for 2 years from creation, or until you delete them, whichever comes first.

Billing Records

Transaction records are retained for 7 years to comply with applicable tax and accounting obligations, even after account deletion.

Server Logs

Access logs are retained for 30 days. Error/exception traces are retained for 90 days and contain no personal financial data.

7. Cookies & Local Storage

We use a minimal set of cookies and browser storage:

Session cookie: Secure, HttpOnly, SameSite=Strict. Required for authentication. Expires on browser close or after 7 days of inactivity.
Preference storage (localStorage): Stores non-personal UI preferences (theme, collapsed panels). No tracking identifiers.

We do not use third-party advertising cookies, cross-site tracking pixels, or analytics fingerprinting. We do not use Google Analytics or similar tracking SDKs.

8. Security Measures

We implement technical and organisational measures to protect your data:

AES-256-GCM encryption for API keys and sensitive credentials at rest
TLS 1.3 for all data in transit
bcrypt password hashing (never stored in plaintext)
Role-based access control — staff cannot access user API keys
Automated security scanning and dependency audits in CI/CD pipeline
Database access restricted to application servers via VPC

No system is 100% secure. If you discover a security vulnerability, please disclose it responsibly to legal@chatquant.ai.

10. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

Right to Know: Request disclosure of the categories and specific pieces of personal information we collect.
Right to Delete: Request deletion of personal information we have collected.
Right to Correct: Request correction of inaccurate personal information.
Right to Opt-Out of Sale: We do not sell personal information. No opt-out is necessary.
Right to Non-Discrimination: We will not discriminate against you for exercising CCPA rights.

To exercise these rights, contact legal@chatquant.ai. We will verify your identity before processing requests.

11. Panama Data Protection Law

ChatQuant is operated under the laws of the Republic of Panama. We comply with Panama's Law No. 81 of 2019 on Personal Data Protection and its regulations (Executive Decree 285 of 2021).

Under Law 81, you have the rights to access, rectify, cancel, and oppose the processing of your personal data ("ARCO rights"). To exercise ARCO rights, contact legal@chatquant.ai.

12. International Data Transfers

13. Children's Privacy

14. Changes to This Policy

Your continued use of the platform after the effective date constitutes acceptance of the updated policy. If you disagree with the changes, you may delete your account before the effective date.

15. Contact Us

For privacy inquiries, data requests, or to report a concern:

ChatQuant

Email: legal@chatquant.ai

Subject line: "Privacy Request — [Topic]"

Response time: within 30 calendar days

Privacy Policy

1. Who We Are

2. Data We Collect

3. How We Use Your Data

4. Legal Bases for Processing

5. Third-Party Services

6. Data Retention

7. Cookies & Local Storage

8. Security Measures

9. Your Rights (GDPR & EEA Users)

10. California Privacy Rights (CCPA/CPRA)

11. Panama Data Protection Law

12. International Data Transfers

13. Children's Privacy

14. Changes to This Policy

15. Contact Us

Privacy Policy

1. Who We Are

2. Data We Collect

3. How We Use Your Data

4. Legal Bases for Processing

5. Third-Party Services

6. Data Retention

7. Cookies & Local Storage

8. Security Measures

9. Your Rights (GDPR & EEA Users)

10. California Privacy Rights (CCPA/CPRA)

11. Panama Data Protection Law

12. International Data Transfers

13. Children's Privacy

14. Changes to This Policy

15. Contact Us