Terms and Conditions
End User License Agreement
General Risk Disclaimer
Privacy Policy

Privacy Policy

Last updated: April 2026

This Privacy Policy explains how iQuant.fund ("we", "us", "our") collects, uses, stores, discloses, and otherwise processes personal information when you access or use iquant.fund and related products and services (the "Platform"). It also explains your rights and how to exercise them.

This policy applies globally and incorporates jurisdiction-specific supplements for residents of the European Economic Area ("EEA"), the United Kingdom, Australia, and California. Please read the relevant supplement applicable to your location.

1. Who We Are (Data Controller)

The Platform is operated and your personal information is controlled by IQUANT FUND LIMITED, a company incorporated in the Republic of Vanuatu (VFSC Company Number: 700732).

For all privacy enquiries, data subject requests, or complaints, please contact our Compliance team: [email protected]

We have assessed that we are not currently required to appoint a formal Data Protection Officer. If that assessment changes, we will update this policy and publish DPO contact details accordingly.

2. Information We Collect

We collect the following categories of personal information:

  • Account data – name, email address, password (hashed), account preferences, and subscription details provided when you register.
  • Usage data – pages viewed, features accessed, search queries, timestamps, session duration, and interaction logs.
  • Technical data – IP address, device type, operating system, browser type and version, referral URL, and error logs.
  • Communications data – content of messages you send us via email or support channels.
  • Payment data – billing address and payment method details, processed by our third-party payment processor. We do not store full card numbers.

We do not intentionally collect special category personal data (such as health, biometric, or political data) unless you voluntarily provide it or applicable law requires it.

The Platform is not intended for individuals under 18. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected data from a person under 18, please contact us immediately.

3. How We Use Your Information & Lawful Bases

We process personal information only where we have a lawful basis to do so. The table below sets out our processing activities and the corresponding lawful basis (referenced under GDPR Article 6 where applicable):

Purpose Lawful Basis (GDPR Art. 6)
Providing and operating the Platform (account creation, authentication, service delivery) Performance of a contract (Art. 6(1)(b))
Processing payments and managing subscriptions Performance of a contract (Art. 6(1)(b))
Responding to support requests and communications Performance of a contract / Legitimate interests (Art. 6(1)(b)/(f))
Improving Platform performance, security, and user experience (analytics) Legitimate interests (Art. 6(1)(f)) – we have assessed our legitimate interest in understanding usage patterns is not overridden by your rights
Sending product updates, technical notices, and security alerts Performance of a contract / Legitimate interests (Art. 6(1)(b)/(f))
Sending marketing communications (where opted in) Consent (Art. 6(1)(a))
Complying with legal, regulatory, or court obligations Legal obligation (Art. 6(1)(c))
Fraud prevention, security monitoring, and enforcing our Terms Legitimate interests (Art. 6(1)(f))

4. Data Retention

We retain personal information for as long as necessary to fulfil the purposes for which it was collected, subject to the following retention schedule:

  • Account data: Retained for the duration of your account and for up to 7 years after closure for compliance and audit purposes.
  • Usage and technical data: Retained for up to 26 months (consistent with Google Analytics default retention), after which it is aggregated or deleted.
  • Communications data: Retained for up to 3 years from the date of the last communication.
  • Payment records: Retained for 7 years to satisfy applicable accounting and tax obligations.

We periodically review our data holdings and delete or anonymise data that is no longer required for any stated purpose.

5. Cookies & Analytics

We use cookies and similar tracking technologies on the Platform. The following table describes the categories of cookies we use:

Category Purpose Consent Required?
Strictly Necessary Authentication, session management, security. The Platform cannot function without these. No (exempt)
Analytics / Performance Google Analytics (GA4) – collects anonymised data on pages visited, session duration, and traffic sources to help us improve the Platform. IP anonymisation is enabled. Yes (EEA, UK) / Opt-out available (other regions)
Functional / Preference Remembers your language preference and display settings. Yes

You can manage or withdraw cookie consent at any time via our cookie settings banner or through your browser settings. Disabling certain cookies may affect Platform functionality.

6. Disclosure of Information

We may disclose personal information to:

  • Service providers acting as data processors on our behalf (e.g. cloud hosting, email delivery, payment processing, analytics). These providers are contractually obligated to process data only on our instructions and to maintain appropriate security.
  • Professional advisers (legal, accounting, insurance) under confidentiality obligations.
  • Regulatory and law enforcement authorities where required or permitted by applicable law.
  • Successor entities in connection with a merger, acquisition, or sale of assets, subject to confidentiality obligations.

We do not sell, rent, or trade your personal information to third parties for their own commercial purposes.

7. International Data Transfers

We are based in Vanuatu and may process or store personal information using infrastructure or service providers located in Australia, the United States, Singapore, or other countries. Where personal data is transferred from the EEA or UK to a country without an adequacy decision, we implement appropriate safeguards, such as the EU Standard Contractual Clauses (SCCs) or the UK International Data Transfer Agreement (IDTA), to ensure your data receives an equivalent level of protection. You may request a copy of applicable transfer mechanisms by contacting [email protected].

8. Data Security

We implement reasonable and appropriate technical and organisational measures to protect personal information from unauthorised access, disclosure, alteration, or destruction. These measures include TLS encryption in transit, hashed password storage, role-based access controls, and secure cloud hosting. However, no transmission or storage method is completely secure. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours (where required by GDPR) and affected individuals where required by applicable law.

9. Automated Decision-Making & Profiling

The Platform uses automated quantitative models and AI to generate signals and market insights. These processes do not produce legal or similarly significant effects about individual users in the sense of Article 22 GDPR, as outputs are informational tools only and do not determine any entitlement, credit, employment, or similar decisions. If this changes, we will update this policy and provide the required disclosures.

10. Your Rights

Subject to applicable law, you have the following rights in relation to your personal information:

  • Access – request a copy of the personal information we hold about you.
  • Rectification – request correction of inaccurate or incomplete personal information.
  • Erasure ("right to be forgotten") – request deletion of your personal information where it is no longer necessary, or where you withdraw consent and no other lawful basis applies.
  • Restriction – request that we restrict processing while a dispute about accuracy or lawfulness is resolved.
  • Data portability – receive your personal information in a structured, commonly used, machine-readable format where processing is based on consent or contract (GDPR Art. 20).
  • Objection – object to processing based on legitimate interests, including for direct marketing (which we will always honour).
  • Withdraw consent – withdraw any previously given consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days (or such other period as required by applicable law). We may need to verify your identity before processing your request.

11. Marketing Communications

We may send you product updates and information about the Platform. You may opt out of marketing communications at any time using the unsubscribe link in any email or by contacting us. Withdrawing consent for marketing will not affect the delivery of service-related communications.

12. Third-Party Links

The Platform may contain links to third-party websites or services. We are not responsible for the privacy practices or content of those third parties. We encourage you to review the privacy policies of any third-party sites you visit.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified to you by posting a notice on the Platform or by email where practicable. The updated date at the top of this policy reflects the date of the most recent revision. Continued use of the Platform after changes take effect constitutes acceptance of the updated policy.

Supplement A – EEA and UK Residents (GDPR / UK GDPR)

If you are located in the European Economic Area or the United Kingdom, the following additional information applies to you under the General Data Protection Regulation (EU) 2016/679 and/or the UK GDPR as retained by the Data Protection Act 2018.

A.1 Supervisory Authority Complaints

You have the right to lodge a complaint with the supervisory authority in your member state (within the EU) or with the UK Information Commissioner's Office (ICO) (in the UK) if you believe we have processed your personal data unlawfully. Details of EEA supervisory authorities are available at edpb.europa.eu. The ICO can be reached at ico.org.uk. We would, however, appreciate the opportunity to address your concerns before you approach the supervisory authority, so please contact us first.

A.2 Legal Basis Summary

See Section 3 above for a full table of processing activities and their lawful bases. Where processing is based on legitimate interests (Art. 6(1)(f)), you may request a copy of our Legitimate Interests Assessment by contacting [email protected].

A.3 Standard Contractual Clauses

Where personal data is transferred from the EEA or UK to Vanuatu or to other third countries without an EU/UK adequacy decision, we rely on the European Commission's approved Standard Contractual Clauses (Module 2: Controller to Processor) and/or the UK IDTA as the transfer mechanism. Copies are available on request.

Supplement B – California Residents (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act 2018 (as amended by the California Privacy Rights Act 2020, "CCPA/CPRA") provides you with specific rights regarding your personal information. This supplement describes those rights and how to exercise them.

B.1 Categories of Personal Information Collected (Cal. Civ. Code §1798.100)

In the preceding 12 months, we have collected the following categories of personal information:

  • Identifiers – name, email address, IP address, account username.
  • Internet or network activity – browsing history on the Platform, search queries, interaction logs.
  • Commercial information – subscription plan, transaction history.
  • Inferences – preferences and usage patterns derived from the above to improve user experience.
B.2 Your CCPA/CPRA Rights
  • Right to Know – request disclosure of the categories and specific pieces of personal information collected about you.
  • Right to Delete – request deletion of your personal information, subject to certain exceptions.
  • Right to Correct – request correction of inaccurate personal information.
  • Right to Opt-Out of Sale or Sharing – we do not sell or share personal information for cross-context behavioural advertising. If this changes, we will provide an opt-out mechanism.
  • Right to Limit Use of Sensitive Personal Information – we do not use sensitive personal information beyond the purposes listed in CPRA §1798.121.
  • Right to Non-Discrimination – we will not discriminate against you for exercising your CCPA/CPRA rights.

To submit a CCPA/CPRA request, contact us at [email protected] with the subject line "California Privacy Request". We will respond within 45 days, with a possible extension of a further 45 days where reasonably necessary.

B.3 Shine the Light (Cal. Civ. Code §1798.83)

California residents may request information about personal information we disclose to third parties for their direct marketing purposes. As noted above, we do not sell or disclose personal information for third-party direct marketing purposes. If our practices change, we will provide a Shine the Light disclosure in this policy.

Supplement C – Australian Residents (Privacy Act 1988)

If you are located in Australia, this supplement applies to you in addition to the rest of this Privacy Policy. We handle personal information in accordance with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth).

C.1 Collection Notification (APP 5)

We notify you at or before the time of collection (or as soon as practicable thereafter) of: the identity of the data collector; the purposes of collection; the consequences of not providing information; any overseas disclosures; and your right to access and correct personal information. This Privacy Policy serves as that notification.

C.2 Access and Correction (APPs 12–13)

You have the right to request access to, and correction of, personal information we hold about you. We will respond to such requests within 30 days. In limited circumstances we may decline access (e.g. where disclosure would unreasonably impact another individual's privacy), in which case we will give you written reasons.

C.3 Overseas Disclosure (APP 8)

Personal information may be disclosed to service providers located overseas (including in the United States, Singapore, and Vanuatu). Before disclosing personal information overseas, we take reasonable steps to ensure that the recipient will handle the information in a manner consistent with the APPs.

C.4 Complaints to the OAIC

If you are dissatisfied with our response to a privacy complaint, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or by calling 1300 363 992.

14. Contact Us

For any questions, concerns, or requests relating to this Privacy Policy or our handling of your personal information, please contact:

IQUANT FUND LIMITED
Privacy / Compliance Team
Email: [email protected]