Privacy Policy
Last updated: 23 February 2026
1. Introduction
QuantFrame ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our website and services at quantframe.io (the "Service").
We process personal data in accordance with applicable data protection regulations, including the General Data Protection Regulation (GDPR) where applicable.
2. Data Controller
The data controller responsible for your personal data is:
QuantFrame
Email: contact@mirkovic.dev
3. Personal Data We Collect
We collect the following categories of personal data:
3.1 Account Information
- Email address
- Full name
- Password (stored in encrypted/hashed form)
- Username (if provided)
- Profile picture (if uploaded)
3.2 Assessment and Learning Data
- Quiz responses (9-question assessment)
- Learning progress and completion status
- Problem attempts and solutions
- XP points and achievements
- Journal entries you create
- Code submissions
3.3 Payment Information
- Subscription status and plan
- Payment history (processed by Stripe)
- We do NOT store your credit card details - these are handled securely by Stripe
3.4 Technical Data
- IP address
- Browser type and version
- Device information
- Usage data and analytics
4. How We Use Your Data
We use your personal data for the following purposes:
| Purpose | Legal Basis |
|---|---|
| Providing our educational services | Contract performance |
| Generating personalized learning roadmaps | Contract performance |
| Processing payments and subscriptions | Contract performance |
| Sending service-related communications | Legitimate interest |
| Improving our services and user experience | Legitimate interest |
| Marketing communications (if opted in) | Consent |
| Analytics and usage statistics | Consent (cookies) |
5. Third-Party Services
We share your data with the following third-party service providers who process data on our behalf:
Supabase
Database hosting and user authentication. Servers located in the EU/EEA.
Stripe
Payment processing. Stripe is certified to PCI Service Provider Level 1. Stripe Privacy Policy
Vercel
Website hosting and deployment.
6. International Data Transfers
Some of our third-party service providers may process your data outside the European Economic Area (EEA). When this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or the service provider's participation in recognized data protection frameworks.
7. Data Retention
We retain your personal data for as long as necessary to provide our services and fulfill the purposes described in this policy:
- Account data: Retained while your account is active and for 30 days after deletion request
- Learning progress: Retained while your account is active
- Payment records: Retained for 7 years as required by applicable accounting regulations
- Analytics data: Aggregated and anonymized after 26 months
8. Your Rights
Under GDPR, you have the following rights regarding your personal data:
- Right of access: Request a copy of your personal data
- Right to rectification: Request correction of inaccurate data
- Right to erasure: Request deletion of your data ("right to be forgotten")
- Right to restriction: Request limitation of processing
- Right to data portability: Receive your data in a structured, machine-readable format
- Right to object: Object to processing based on legitimate interests
- Right to withdraw consent: Withdraw consent at any time where processing is based on consent
To exercise any of these rights, please contact us at contact@mirkovic.dev. We will respond within 30 days.
9. Cookies
We use only essential cookies required for the operation of our Service:
- Authentication cookies: Required for login and session management (Supabase)
- Payment cookies: Set by Stripe for secure payment processing
These cookies are strictly necessary for the Service to function and do not require consent. We do not use any tracking or analytics cookies.
10. Children's Privacy
Our Service is not directed to children under 13 years of age. We do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at contact@mirkovic.dev.
11. Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption, secure authentication, and regular security assessments.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.
13. Complaints
If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the relevant data protection authority in your jurisdiction. You may also contact us directly at contact@mirkovic.dev to address your concerns.
14. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us at:
Email: contact@mirkovic.dev