Security
Queantic Analytics Security Commitments
Queantic Analytics is a privacy-first web analytics platform built for businesses tired of surveillance capitalism. If you're here, you're likely fed up with bloated scripts, creepy cookie banners, and data brokers. We are too. That’s why Queantic is designed to help you comply with GDPR, CCPA, and similar regulations without making tradeoffs on performance or ethics. Your site’s data is yours. Period.
TL;DR – Our Security Practices
- All data encrypted in transit and at rest
- Visitor data is irreversibly hashed
- Hosted on U.S.-based infrastructure
- Passwords hashed and salted
- Frequent software updates and public changelog
- Regular vulnerability scans
- Remote backups for disaster recovery
- Data access firewalled and tightly controlled
- Fully open source – audit everything
- Data exportable via CSV or API
- No personal data collected
- No credit/debit card data stored
- No data shared with third parties
- No outsourced infrastructure or developers
- No ads, no data sales, no tracking
We Don’t Want Your Data
Queantic exists to minimize what we collect. We don’t want to know who your visitors are. There’s no tracking, no cookies, no local storage, no fingerprinting. Instead, we process just enough to give you meaningful insights — and nothing more.
We hash IP addresses and User Agents using a daily-rotating salt that’s destroyed after 24 hours. This creates anonymous, non-linkable metrics. Raw data never touches disk.
Data Encryption & Anonymity
Your visitors’ data is encrypted both in transit and at rest. Our hash-based anonymization ensures even if someone did intercept traffic, there’s nothing useful to extract. We don’t just comply with best practices — we bake them in.
Server Location: U.S. Based
All data is hosted in the United States on secure servers. U.S. law governs all data storage, access, and protection. No foreign infrastructure. No offshore handling.
You Own the Data
We don’t mine it. We don’t sell it. We don’t touch it unless you ask us to. Queantic acts as a neutral, privacy-respecting analytics layer — not an adtech pipeline.
Export it. Delete it. It’s yours.
Auth & Access
Passwords are hashed and salted. Optional 2FA. All sessions expire after 14 days of inactivity or forced password reset. You can view and revoke active sessions at any time.
Only you can invite or remove users from your account.
Backups & Disaster Recovery
We perform frequent, remote backups. If something breaks, your data isn’t gone. We're prepared for catastrophic failure — but hoping not to test that.
No Subprocessors with Data Access
Only our hosting provider and CDN — both U.S.-based — are involved. Neither can view, export, or process your analytics data.
Payment Security
Payments are handled by Stripe, not us. We never see or store card data.
Uptime & Monitoring
Redundancy, rate-limiting, DDoS protection, and global monitoring help us maintain continuous uptime. You can view live availability on our [status page].
Report a Vulnerability
If you spot a flaw, let us know privately. We’ll fix it and credit you if you want. Please give us time to patch before public disclosure.
Queantic Is Built for the Privacy-Conscious
No cookies. No tracking. No loopholes.
Built and hosted entirely in the United States.
Sustained solely by paying customers. No investors. No ads.