Privacy Policy

We process two categories of data: account data (names, emails, firm membership, billing identifiers) and diligence data (trial balances, general ledgers, supporting documents that you or your target company upload to a project workspace).

For diligence data, your firm is the Data Controller and Project Quant acts as a Data Processor. We process diligence data only on your documented instructions to perform the service.

To deliver core features: ingestion, AI-assisted classification, EBITDA bridges, audit trails, exports, billing, and customer support. We do not sell data, and we do not train third-party models on your diligence content.

We use a limited set of vetted sub-processors for hosting, database, authentication, payments, and AI inference. The current list is available on request via the contact page.

Diligence data is retained for the active life of the project and 90 days afterwards, then permanently deleted unless your firm requests longer retention via contract. Account data is retained while the account is active.

You may request access, correction, export, or deletion of personal data we hold about you. Diligence data deletion requests should be made by your firm owner. Contact privacy@projectquant.app.

See our Security page for details on tenant isolation, encryption, access controls, and incident response.

Data may be processed in jurisdictions outside your country. Where required, we rely on Standard Contractual Clauses or equivalent safeguards.

We will notify firm owners of material changes to this policy at least 30 days before they take effect.