Dpa
Queantic Data Processing Agreement
Thank you for using Queantic!
Queantic is proud to be an American based-company. While our data infrastructure complies with international standards, including the General Data Protection Regulation (GDPR), we are headquartered in the USA. Processing and storing data in a secure, fair, and transparent way is extremely important to us.
This Data Processing Agreement (“DPA”) is an addendum to the Terms of Service between Queantic and the customer.
If you are accepting this DPA on behalf of your customer, you warrant that: (a) you have full legal authority to bind your customer to this DPA; (b) you have read and understand this DPA; and (c) you agree, on behalf of your customer, to this DPA.
These service terms incorporate the Queantic Data Processing Agreement (“DPA”), when the General Data Protection Regulation (“GDPR”) applies to your use of Queantic services to process visitor data as defined in the DPA. We protect and secure your visitor data to the high standards set out in this agreement.
Definitions
“You” or “customer” refers to the company or organization that signs up to use Queantic to analyze website visitors.
In the course of providing the Queantic service to customer pursuant to the agreement, Queantic may process visitor data on behalf of customer.
In this Data Processing Agreement (“DPA”), “Data Protection Legislation” means the General Data Protection Regulation (Regulation (EU) 2016/679), and all other applicable laws relating to processing of visitor data and privacy that may exist in any relevant jurisdiction.
“Data controller”, “data processor”, “data subject”, “personal data” and “processing” shall be interpreted in accordance with applicable Data Protection Legislation.
The parties agree that the customer is the data controller and that Queantic is its data processor in relation to visitor data that is processed in the course of providing the service.
Privacy and Security of Your Visitor Data
We take many measures to protect and secure your data through backups, redundancies, and encryption. When you use our service to measure your website stats, Queantic will collect information about your visitors.
You entrust us with your site data and we take that trust seriously. You agree that Queantic may process your data as described in our data policy and for no other purpose. We strive to deserve that trust by being open about who we are, how we work, and keeping an open door to your feedback.
You own all rights, titles, and interests to your website data. We obtain no rights from you to your website data. We do not collect or analyze personal information from web users for advertising purposes. When using Queantic, you retain 100% ownership and control of your data. We do not sell or share your site data with any third parties, nor do we compromise your visitor’s privacy.
Even though the purpose of Queantic is to track website usage, this can be done without tracking, collecting, or storing any personal data or personally identifiable information (PII), without using cookies, and while respecting your visitors' privacy.
All site measurements through Queantic are carried out anonymously. We collect only essential data and avoid unnecessary tracking. All collected metrics fit on a single page.
We do not generate device-persistent identifiers, use cookies, browser cache, or local storage. We do not store or extract anything from visitors' devices. The data we process cannot identify any individual.
The affected data subjects are end-users of the controller’s websites utilizing the Queantic service.
More details on our data practices are available in our publicly accessible data policy.
Organizational and Technical Security Measures
All tracked data is secured, encrypted, and hosted on server infrastructure compliant with US and international data protection standards. Our infrastructure remains within US-owned and operated cloud systems, and GDPR-related data is treated with strict safeguards.
Data is encrypted using HTTPS in transit. We do not retain raw IP addresses or User-Agent strings. We also implement strict firewalls, encrypted networks, and offsite backups with bcrypt-secured credentials.
A more detailed overview of our security practices is available at queantic.com/security.
Processor’s Obligations to the Controller
Queantic processes visitor data only per the customer’s settings and instructions, including:
- (a) operating and supporting the service infrastructure,
- (b) following user-configured instructions in the platform,
- (c) processing only as outlined in the agreement.
Queantic shall promptly notify the customer if any processing instruction may violate applicable Data Protection Legislation.
We guarantee the confidentiality of processed visitor data.
Authorized Queantic personnel may access your data to assist with support or ensure service integrity. All such personnel are trained in data privacy and bound to confidentiality obligations under this DPA.
Queantic will implement and maintain appropriate technical and organizational security measures to protect visitor data from unauthorized processing, loss, theft, or alteration. These measures are proportional to the nature and sensitivity of the data.
Security Breach Notification
If Queantic becomes aware of any unauthorized or unlawful breach, destruction, loss, or disclosure of personal data, we will notify the customer without undue delay (within 48 hours). We will provide incident details, impact assessments, and ongoing updates until resolution. We will investigate and take steps to contain and mitigate the breach.
Queantic will not erase or alter visitor data without the controller’s documented instructions (unless required by law or applicable service terms), and will follow data retention rules set in the customer’s subscription plan.