Quant ChartsQuant Charts
Terms of ServiceEnd User License AgreementPrivacy PolicyRefund Policy

QUANT CHARTS LLC PRIVACY POLICY

Effective Date: May 7, 2026 Version: 1.0

This Privacy Policy describes how Quant Charts LLC, a Tennessee limited liability company ("Company," "we," "us," or "our"), collects, uses, discloses, and protects information in connection with the Quant Charts desktop software and related online services (together, the "Services"). It also explains the rights available to you under applicable privacy law.

Capitalized terms not defined in this Privacy Policy have the meaning given in the Terms of Service.

1. INTRODUCTION AND SCOPE

1.1 Who We Are. We are Quant Charts LLC, a Tennessee limited liability company. For any privacy-related question or request, you can reach us at limbo@quantchartsllc.com. We are the controller of the Personal Information described in this Policy.

1.2 Scope. This Policy applies to Personal Information we collect through (a) the Quant Charts desktop application, (b) our authentication, license-enforcement, and software-update backend, and (c) our support correspondence. It does not apply to third-party websites, products, or services that we do not operate, even if they are linked from the Services.

1.3 Personal Information. "Personal Information" means information that identifies, relates to, describes, or can reasonably be linked, directly or indirectly, with a particular individual or household.

2. INFORMATION WE COLLECT

We collect the categories of Personal Information described below. For each category, we identify the purpose of collection.

2.1 Account Information. When you create an Account, we collect your email address and a hashed form of the password you choose. We do not store your plaintext password.

2.2 Subscription Information. When you purchase, renew, or cancel a Subscription, we receive from LemonSqueezy your LemonSqueezy customer identifier and LemonSqueezy subscription identifier, the status of your subscription (for example, active, past due, canceled), your trial status (if any), and the start and end dates of your current Billing Period. LemonSqueezy acts as merchant of record for the transaction and may collect tax-related identifiers, including your country and state or province, at checkout.

2.3 Payment Information. We do not collect or store full payment-card numbers. All payment information is handled by Lemon Squeezy, LLC, our authorized payment processor and merchant of record. You should review LemonSqueezy's privacy notice to understand how LemonSqueezy processes your payment information.

2.4 Technical and Security Information. When you sign in, sign up, reset your password, or authenticate a session, we collect your Internet Protocol (IP) address, user-agent string, application version, event timestamp, event type, and whether the event succeeded or failed (and, if failed, the reason). This information is used to authenticate you, prevent fraud and abuse, enforce rate limits, and maintain security audit records.

2.5 Device Identifier. To enforce the two-device-per-Subscription license limit, we compute and store a cryptographic hash derived from local device characteristics, including hostname, CPU model, installed physical memory capacity, and motherboard serial number. We do not transmit or retain the underlying raw values. The resulting hash is a pseudonymous identifier used solely to determine whether a given Authorized Device has been previously activated under your Subscription.

2.6 Integrity and Anti-Tamper Signals. The Software sends short, periodic signals to our backend indicating events such as application launch, completion of authentication, availability of a new Update, and the occurrence of activity indicating an attempt to bypass license enforcement. These signals include your application version and timestamp, and a short code identifying the event type. These signals do not include the contents of any strategy, indicator, notebook, whiteboard, or other material you author or open in the Software; they do not include keystrokes; and they do not include web-browsing information.

2.7 Update-Check Logs. When the Software checks for Updates through our update-proxy function, we log the request's IP address, user-agent string, the filename requested (for example, the update manifest or a release asset), and the HTTP response status code.

2.8 Support Correspondence. If you contact us for support, we collect the contents of your message, your email address, and any attachments or other information you voluntarily provide.

3. INFORMATION WE DO NOT COLLECT

We do not integrate third-party analytics services with the Software (for example, we do not use Sentry, PostHog, Mixpanel, Google Analytics, Segment, or similar). We do not transmit crash reports or minidumps off your device. We do not collect the content of your strategies, indicators, notebooks, or whiteboards. We do not log keystrokes. We do not track your web-browsing activity.

4. SOURCES OF INFORMATION

We obtain Personal Information (a) directly from you, when you create an Account, purchase a Subscription, or contact support; (b) automatically from the Software, for the technical, security, device-identifier, integrity, and update-check categories described in Section 2; (c) from LemonSqueezy, for payment and subscription-verification results; and (d) from your device's operating system, for the inputs used to compute the device-identifier hash described in Section 2.5.

5. HOW WE USE INFORMATION

We use Personal Information to:

5.1 provide, operate, and maintain the Services;

5.2 authenticate you and secure your Account;

5.3 activate, enforce, and renew your Subscription and license;

5.4 detect, investigate, and prevent fraud, abuse, unauthorized access, and attempts to bypass license enforcement;

5.5 deliver software Updates and security patches;

5.6 respond to your inquiries, provide customer support, and communicate with you about your Account or the Services;

5.7 enforce our Terms of Service, End User License Agreement, Refund Policy, and this Policy;

5.8 comply with applicable legal, regulatory, and tax obligations and respond to valid legal process; and

5.9 defend, establish, or exercise legal claims.

6. LEGAL BASES FOR PROCESSING (CUSTOMERS IN THE EEA, UK, AND SWITZERLAND)

Where the General Data Protection Regulation (Regulation (EU) 2016/679) or the United Kingdom General Data Protection Regulation applies, we rely on the following legal bases to process Personal Information:

6.1 Performance of a Contract. To provide the Services you have purchased and to administer your Subscription and license.

6.2 Legitimate Interests. To secure the Services, prevent fraud and piracy, enforce our Terms, maintain product integrity, and defend legal claims. Where we rely on legitimate interests, we have assessed that our interests are not overridden by your rights and freedoms.

6.3 Legal Obligation. To comply with applicable law, including tax, accounting, and record-keeping obligations.

6.4 Consent. Where we specifically request your consent for a particular processing activity, you have the right to withdraw that consent at any time; withdrawal does not affect the lawfulness of processing carried out before withdrawal.

7. DISCLOSURE OF PERSONAL INFORMATION

7.1 Service Providers. We share Personal Information with the following service providers, each of which processes Personal Information on our behalf and under contractual confidentiality and data-protection obligations:

(a) Supabase, Inc., which hosts our authentication system, database, and edge functions;

(b) Lemon Squeezy, LLC, which is the merchant of record, processes payments, and manages subscriptions; and

(c) GitHub, Inc., which hosts our software binaries; downloads are routed through our Supabase-hosted proxy so that, unless you download a release asset directly from GitHub, GitHub receives only the proxy's connection information.

7.2 Legal Disclosures. We may disclose Personal Information (a) to comply with applicable law, regulation, legal process, or governmental request, (b) to enforce our Terms of Service, the EULA, or this Policy, (c) to detect, prevent, or address fraud, security, or technical issues, or (d) to protect the rights, property, or safety of Company, our customers, or the public.

7.3 Corporate Transactions. If Company is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or substantially all of its assets, Personal Information may be transferred to the successor or acquirer, subject to this Policy continuing to apply or to advance notice if material changes are required.

7.4 No Sale or Sharing. We do not sell Personal Information and we do not share Personal Information for cross-context behavioral advertising, as those terms are defined in the California Consumer Privacy Act as amended by the California Privacy Rights Act. We have not sold or shared Personal Information in the preceding twelve (12) months.

8. INTERNATIONAL DATA TRANSFERS

We are based in the United States, and our service providers identified in Section 7.1 store and process data primarily in the United States. If you access the Services from outside the United States, you understand and consent to the transfer of your Personal Information to, and its processing in, the United States. Where required by applicable law, we rely on appropriate transfer mechanisms, such as the European Commission's Standard Contractual Clauses, to lawfully transfer Personal Information from the European Economic Area, the United Kingdom, or Switzerland to the United States.

9. DATA RETENTION

We retain Personal Information for the periods described below, or for longer where required or permitted by law:

9.1 Authentication events (Section 2.4): thirteen (13) months from the date of the event.

9.2 Account profile data (Section 2.1) and subscription records (Section 2.2): for the life of the Account plus twelve (12) months after last activity.

9.3 Device identifier hash (Section 2.5): for the duration of the Subscription plus thirty (30) days.

9.4 Integrity and anti-tamper signals (Section 2.6): ninety (90) days.

9.5 Update-check logs (Section 2.7): ninety (90) days.

9.6 Support correspondence (Section 2.8): two (2) years from the date the matter is closed.

At the end of the applicable retention period, we delete or anonymize the relevant Personal Information, except that we may retain limited information where necessary to comply with legal obligations, resolve disputes, or enforce our agreements.

10. INFORMATION SECURITY

We implement administrative, technical, and physical safeguards designed to protect Personal Information against unauthorized access, loss, alteration, or disclosure. These safeguards include transport-layer encryption; certificate pinning on sensitive endpoints; encryption of session tokens at rest using the operating system's secure-storage facilities; server-side rate-limiting of authentication events; and integrity validation of distributed binaries. No method of transmission or storage is fully secure, and we cannot guarantee absolute security.

11. YOUR RIGHTS

On verifiable request submitted to limbo@quantchartsllc.com, you may exercise the rights described below that are available to you under applicable law. We may need to confirm your identity and your relationship to the Personal Information before responding. We do not charge a fee for exercising these rights, except where permitted by law for requests that are manifestly unfounded or excessive.

11.1 General Rights. Subject to applicable law, you may request (a) access to the Personal Information we hold about you, (b) correction of inaccurate or incomplete Personal Information, (c) deletion of Personal Information, (d) a portable copy of Personal Information you have provided to us, (e) restriction of, or objection to, certain processing, and (f) withdrawal of any consent you have given.

11.2 California Residents (CCPA/CPRA). If you are a California resident, you have the right to know what Personal Information we have collected about you and how it has been used and disclosed; the right to delete Personal Information we have collected from you, subject to certain exceptions; the right to correct inaccurate Personal Information; the right to opt out of the sale or sharing of Personal Information (not applicable: we do not sell or share Personal Information); the right to limit the use of sensitive personal information for secondary purposes (not applicable: we do not use sensitive personal information for purposes other than those permitted by law without further notice); and the right to non-discrimination for exercising any right. You may use an authorized agent to make a request on your behalf, provided that you have given the agent written permission and we can verify your identity and the agent's authorization.

11.3 Tennessee Residents (Tennessee Information Protection Act). If you are a Tennessee resident, you have the right to confirm whether we process Personal Information about you, access that Personal Information, correct inaccuracies, request deletion, obtain a portable copy, and opt out of processing for purposes of targeted advertising, sale, or profiling that produces legal or similarly significant effects. We do not engage in targeted advertising, sale, or qualifying profiling.

11.4 EU, UK, and Swiss Residents (GDPR / UK GDPR). If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the rights described in Section 11.1, plus the right to lodge a complaint with a supervisory authority in your jurisdiction.

11.5 Other U.S. State Rights. If you reside in another U.S. state that provides privacy rights comparable to those described above, you may exercise equivalent rights to the extent provided by that state's law.

11.6 Response Time. We will respond to verifiable requests within the time required by applicable law, generally within thirty (30) days of receipt, extensible once by a reasonable period where necessary and permitted by law and only after providing you notice of the extension.

11.7 Appeal. If we decline to act on your request in whole or in part, you may appeal our decision by replying to our response email. We will reconsider the request and respond in writing within a reasonable period.

12. CHILDREN

The Services are not directed to individuals under the age of eighteen (18), and we do not knowingly collect Personal Information from children. If you believe that we have collected Personal Information from a child, please contact us at limbo@quantchartsllc.com and we will take appropriate steps to delete it.

13. AUTOMATED DECISION-MAKING

We do not engage in automated decision-making that produces legal or similarly significant effects on individuals.

14. CHANGES TO THIS POLICY

We may update this Policy from time to time. If we make material changes, we will provide at least thirty (30) days' advance notice by email to the address on file and, where appropriate, by a notice within the Software. The Effective Date at the top of this Policy reflects the most recent revision. Your continued use of the Services after the effective date of an updated Policy constitutes your acceptance of the updated Policy.

15. CONTACT

To ask a question or exercise a right under this Policy, please contact us at:

Quant Charts LLC A Tennessee Limited Liability Company Email: limbo@quantchartsllc.com

© 2026 Quant Charts LLC. All rights reserved.

Questions about this document? limbo@quantchartsllc.com.