Privacy & Policy

Updated: 2025-09-14

Overview

This Policy explains what we collect, how we use it, and how we protect data on the website, in the Telegram bot, and in our services.

By using the service, you agree to this Policy. This is a product notice, not legal advice.

What we collect

Account and contact data: Telegram ID/username/display name; email (if you send it); messages you send to us.

Wallet linking: networks and public addresses (never private keys).

Usage and device data: pages, clicks, referrer, hashed IP, user agent, timestamps, error and performance telemetry.

On-chain and public data

We analyse public blockchain and market data. Such sources are public by design and are not personal data under our control.

Requests (e.g., symbol or address analytics) can be logged to operate the service and improve reliability.

Cookies and localStorage

We use them minimally: language, session, anti-abuse. You may block them; some features may degrade.

How we use data

Provide and improve research and signals; routing and guarded execution; abuse prevention; support and communication.

We do not build advertising profiles.

Sharing with third parties

We do not sell personal data.

Processors: hosting (e.g., Vercel), storage, analytics (if enabled), error tracking, email/Telegram delivery.

Disclosure may be required to comply with law or to protect rights.

Security

Keys stay with you; we never request seed phrases. Data is encrypted in transit and at rest; access is role-scoped and logged.

We apply least-privilege access, MFA on critical systems, and change control for deployments.

International transfers

Processing may occur abroad. Where required, we use standard safeguards (e.g., SCC) or other lawful transfer mechanisms.

Your rights

EEA/UK (GDPR): access, rectification, erasure, portability, restriction/objection; right to lodge a complaint with a supervisory authority.

California (CPRA): access, deletion, correction, opt-out of sale/share; non-discrimination for exercising rights.

Children

The service is not intended for children under 13 (or higher minimum age in your jurisdiction).

Changes

We may update this Policy. We will revise the “Updated” date and, when appropriate, notify in-app or via channel.

Contacts

Email: quantuml7ai@gmail.com

Feedback bot: https://t.me/L7ai_feedback

Definitions and scope

“Service” means our websites, bots, APIs, and related applications. “We” means Quantum L7 AI.

This Policy covers data we process as controller. Vendor policies and blockchain networks have their own rules.

Legal bases (GDPR)

Contract: to provide requested features (routing, research, dashboards).

Legitimate interests: service reliability, security, abuse prevention, product analytics with minimal impact.

Consent: optional analytics/marketing where applicable; you can withdraw at any time.

Legal obligation: where we must retain or disclose data under law.

Data retention

We keep personal data only as long as necessary for the purposes described or as required by law.

Typical ranges: operational logs 30–180 days; support messages up to 12 months; legal records as mandated.

Subprocessors

Typical categories: hosting/CDN, object storage, email/Telegram delivery, monitoring, error tracking, basic product analytics.

We engage reputable providers under data-processing agreements and review their safeguards periodically.

Analytics and metrics

If enabled, we measure aggregate usage (pages, performance, feature adoption).

Analytics is configured to avoid sensitive data and to minimise personal data wherever practical.

Logging and telemetry

Operational logs may include timestamps, hashed IP, user agent, error traces, and request identifiers.

Logs are rotated, access-controlled, and used for debugging, capacity planning, and abuse detection.

Email and communications

If you contact us by email or bot, we process your message for support and record keeping.

We do not send marketing without consent. You can opt out at any time.

Webhooks and API

If you use our APIs or webhooks, payloads may be stored temporarily for reliability and replay protection.

Do not include secrets or private keys in requests; use appropriate auth and rotate tokens regularly.

Wallet linking specifics

We store networks and public addresses to enable features. We never request or store private keys or seed phrases.

Transactions you perform on-chain are public; we may index and annotate them for analytics and reporting.

Execution guardrails

Where execution or routing is supported, we apply guardrails (limits, risk rules, sanity checks).

These features are tools, not guarantees; you remain responsible for your decisions and compliance.

Research, models, and LLMs

We may train or evaluate models on aggregated and anonymised data where possible.

If third-party LLMs are used, we avoid sending personal data unless necessary and covered by agreements.

Automated decision-making

We do not make solely automated decisions with legal or similarly significant effects.

Recommendations and scores are assistive signals; final decisions remain with you.

Pseudonymisation and aggregation

Where feasible, we hash or aggregate identifiers to reduce privacy risk.

We separate keys from content and apply access controls to link them only when necessary.

Portability and export

You can request an export of your personal data associated with your account or bot identity.

We will provide it in a commonly used, machine-readable format unless legal limits apply.

How to exercise rights

Submit requests via email or our feedback bot. We may ask for reasonable verification (e.g., bot message from your account).

We respond within applicable legal deadlines. Some requests may be limited by law or security considerations.

Incidents and breach notification

We maintain incident response procedures. If a breach occurs, we will notify affected users and authorities as required by law.

We also conduct post-incident reviews and improve controls to prevent recurrence.

Jurisdiction-specific notices

EEA/UK: GDPR applies where we act as controller for users in these regions.

US: state privacy laws (e.g., CPRA) may give additional rights; we honour valid opt-out signals where feasible.

Do Not Track and GPC

Browsers may send Do Not Track or Global Privacy Control signals. Where legally required and technically feasible, we respect them.

Opt-out options

You can disable optional analytics/cookies, unsubscribe from emails, and limit bot permissions.

Core security and essential functionality may still require minimal processing.

Accessibility and language

We aim to provide clear explanations in multiple languages. If translations differ, the English version may prevail for interpretation.

DPO / privacy contact

Privacy contact: quantuml7ai@gmail.com (subject: Privacy). We aim to reply within 30 days.

Effective date and versions

This Policy is effective on the “Updated” date above. Prior versions may be archived for reference.

Appendix: Glossary

Controller: decides purposes and means of processing. Processor: processes on behalf of controller.

Personal data: information relating to an identified or identifiable person.

Appendix: Subprocessor list (summary)

Hosting/CDN (e.g., Vercel), object storage, email/Telegram delivery, error tracking, monitoring, basic product analytics.

A detailed up-to-date list is available on request.