Privacy Policy

10Quant ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal information when you use our Platform.

By using 10Quant, you consent to the data practices described in this policy. We encourage you to read this document carefully.

For the purposes of the EU General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018, 10Quant acts as the data controller for the personal data we process as described in this policy.

Account Information: When you register, we collect your email address, display name, and password (hashed). Legal basis: Contract performance (Article 6(1)(b) GDPR). We do not require identity verification.

Trading Data: We collect API key configurations, trading activity logs, and performance metrics to provide our services. API keys are encrypted with AES-256. Legal basis: Contract performance (Article 6(1)(b) GDPR).

Usage Data: We automatically collect information about how you interact with the Platform, including browser type, device information, pages visited, and session duration. Legal basis: Legitimate interest (Article 6(1)(f) GDPR) for service improvement and security.

Communication Data: We retain records of support tickets, emails, and other communications you send to us. Legal basis: Contract performance and legitimate interest.

To provide, maintain, and improve our trading services and platform functionality.

To send you important notifications about your account, trading activity, and service updates.

To analyze usage patterns and improve user experience, platform performance, and trading strategies.

To detect, prevent, and address fraud, security issues, and technical problems.

To comply with applicable legal obligations and regulatory requirements.

We do not sell your personal data to third parties.

We share data only with: (a) cryptocurrency exchanges as needed to execute trades on your behalf, (b) payment processors to facilitate subscription payments, (c) analytics providers to improve our services, and (d) law enforcement when required by applicable law.

All third-party service providers are contractually obligated to protect your data and use it only for the purposes we specify. Categories of sub-processors include: cloud infrastructure providers, payment processing services, communication and notification services, and analytics platforms.

Your data may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your jurisdiction.

When transferring personal data from the European Economic Area (EEA) or the United Kingdom, we ensure appropriate safeguards are in place, including standard contractual clauses (SCCs) approved by the European Commission, or rely on adequacy decisions where applicable.

By using our Platform, you acknowledge that your information may be transferred to and processed in the jurisdictions described above.

Account data is retained for the duration of your active account plus 90 days after deletion to allow for recovery.

Trading data and performance metrics are retained for 3 years from the date of generation for regulatory compliance and dispute resolution purposes.

Communication records (support tickets, emails) are retained for 2 years from the date of last communication.

Usage analytics data is retained for 12 months, after which it is aggregated and anonymized.

Upon account deletion, we will remove or anonymize your personal data within the retention periods specified above, except where retention is required by applicable law.

Essential cookies: Required for the Platform to function properly, including session authentication, security features, and load balancing. These cannot be disabled.

Analytics cookies: Help us understand how users interact with our Platform so we can improve our services. These are optional and can be disabled through your browser settings.

Functional cookies: Remember your preferences such as language selection, theme choice, and display settings. These are optional and can be disabled.

You can control cookie preferences through your browser settings. Disabling essential cookies may affect Platform functionality. We do not use advertising or tracking cookies.

We implement bank-grade security measures including AES-256 encryption, secure API communication (TLS 1.3), and regular security audits.

API keys are encrypted at rest and never exposed in plain text. We use trade-only API permissions to ensure your funds cannot be withdrawn.

While we strive to protect your data, no method of electronic storage is 100% secure. We encourage you to use strong passwords and enable two-factor authentication.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, in accordance with GDPR Article 33.

Where a breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay, providing clear information about the nature of the breach, the data affected, and the measures we are taking.

We maintain an incident response plan and conduct regular security assessments to minimize the risk of data breaches.

You have the right to access, correct, or delete your personal data (GDPR Articles 15-17). You can manage most of your data directly through your account settings.

You have the right to data portability (GDPR Article 20) — you may request a complete export of your data in a structured, commonly used, machine-readable format by contacting team@10quant.com.

You have the right to object to processing (GDPR Article 21) and to restrict processing of your personal data (GDPR Article 18) in certain circumstances.

You have the right to withdraw consent for data processing at any time, though this may affect your ability to use certain Platform features.

For California residents (CCPA): You have the right to know what personal information we collect, the right to request deletion of your personal information, the right to opt-out of the sale of your personal information (we do not sell personal information), and the right to non-discrimination for exercising your rights.

To exercise any of these rights, please contact us at team@10quant.com. We will respond to your request within 30 days.

Our Platform is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware of such data, we will delete it promptly.

We may update this Privacy Policy from time to time. We will notify you of material changes via email or Platform notification at least 30 days before they take effect.

For privacy-related inquiries, contact us at team@10quant.com.

For data protection officer matters or GDPR-related requests, you may also reach us at the above email address with "Data Protection" in the subject line.