Privacy Policy

QuantumSpring (operated by QuantumSpring s.r.o., Company ID: 23421380, registered address: Na příkopě 392/9, Staré Město, 110 00 Praha 1, Czech Republic) (hereinafter referred to as "Controller" or "we") places great emphasis on the protection of personal data. This privacy policy describes what personal data we collect and how we process it in accordance with the GDPR and Czech legal regulations.

What Data We Process

We process only the necessary personal data that you provide to us as users of our services or that arise from using the QuantumSpring platform. Specifically, we may process:

• • Identification data: first and last name, company name, Company ID and Tax ID (for business entities).
• • Contact information: email address, phone number, postal/billing address.
• • Account registration data: username (typically email) and password (stored in encrypted form), account information.
• • Payment and billing data: information necessary for payment processing (e.g., payment card data processed by secure payment gateway, billing information).
• • Technical data: data about your behavior and interaction with the service – IP address, device and browser information, access logs, cookies and similar technologies.
• • Project and development data: data you upload or connect from your development projects, repositories, and systems. This may include code, documentation, project metrics, and development workflows.

Purposes of Personal Data Processing

We process your personal data only for specific legitimate purposes. The main purpose is to enable you to use QuantumSpring services and provide you with our services in the required quality. Specifically, we may use the data for these purposes:

• • Service provision and operation: To create and manage your user account, enable access to the application, perform AI-amplified development services, and fulfill our contract.
• • Customer support and communication: To communicate with you about your account, answer questions, resolve technical issues, or send important notifications related to service operation.
• • Service improvement: To analyze how you use our service and evaluate feedback to continuously improve features, security, and user experience.
• • Security assurance: To prevent fraud, secure our system, and protect our rights. We may monitor system activities and implement necessary technical and organizational measures.
• • Marketing purposes: If you are our customer, we may use your email to occasionally send information about new features, updates, or similar service offers based on our legitimate interest in promoting our services.
• • Legal compliance: Some data must be processed to fulfill legal obligations, especially accounting and tax obligations.

Legal Basis for Processing

We process all personal data based on one of the legal grounds under GDPR Article 6:

• • Contract performance: Processing necessary for contract conclusion or performance with you as a user.
• • Legal obligation: Processing necessary to comply with generally binding regulations, mainly accounting and tax obligations.
• • Legitimate interest: Processing for our legitimate interests, provided they do not override your interests or rights.
• • Consent: For purposes not covered by other legal bases, we will request your consent.

Data Retention Period

We retain personal data only for the period necessary for the purposes for which they are processed:

• • Account data: Throughout the duration of the contractual relationship. After termination, we retain basic data for up to 3 years for potential legal claims.
• • Legal obligation data: For the period required by applicable laws (typically 5-10 years for accounting records).
• • Consent-based data: Until consent is withdrawn, then processed for deletion without undue delay.
• • Technical logs: Typically 6 months to 1 year from creation, unless longer retention is necessary for security reasons.

Sharing Personal Data with Third Parties

We do not share your personal data with third parties for their own marketing purposes. To ensure service operation, we use verified suppliers and technologies:

• • Cloud infrastructure: QuantumSpring operates on cloud platforms (e.g., AWS, Azure) with high security standards.
• • Payment services: We use external payment gateways for transaction processing.
• • Other processors: We may use third-party services for email delivery, customer support, or analytics tools.
• • Public authorities: We may provide data to state authorities in cases of legal obligation or official request.

Your Rights as Data Subject

As a data subject, you have several rights guaranteed by GDPR:

• • Right of access: You can request confirmation of whether we process your personal data and obtain a copy.
• • Right to rectification: You can request correction of inaccurate or incomplete data.
• • Right to erasure: You can request deletion of your personal data under certain conditions.
• • Right to restriction: You can request limitation of processing in certain cases.
• • Right to object: You can object to processing based on legitimate interest.
• • Right to data portability: You can request your data in a machine-readable format.
• • Right to withdraw consent: You can withdraw previously given consent at any time.
• • Right to file a complaint: You can file a complaint with the supervisory authority (Czech Data Protection Authority).

Contact Information

The controller of your personal data is QuantumSpring s.r.o., registered address: Prague, Czech Republic. For any questions regarding personal data processing or exercising your rights, please contact us:

• • Email: privacy@quantumspring.ai
• • Address: QuantumSpring s.r.o., Prague, Czech Republic

Changes to This Privacy Policy

This Privacy Policy may be updated periodically to reflect changes in our data processing or legal requirements. We will inform you of any significant changes in advance (e.g., by email or notification in the application). The current version of this policy will always be published on our website.

AI and Development Data Processing

As an AI-amplified software development company, we may process:

• • Code and repository data: Source code, commit history, and development metrics to provide AI-enhanced development services.
• • Development workflow data: Information about your development processes to optimize AI assistance.
• • AI interaction data: Your interactions with AI tools to improve service quality and personalization.

This data is processed to provide AI-amplified development services and is subject to the same privacy protections as other personal data.