Privacy Policy

Welcome to Quey Quantum ("we," "our," or "us"). We provide a hardware-backed True Random Number Generator (TRNG) API and related services through our website queyquantum.io (the "Service").

We respect your privacy and are committed to protecting your personal data in compliance with international standards, including the EU General Data Protection Regulation (GDPR) and the Israeli Privacy Protection Law (5741-1981).

1. Information We Collect

We practice strict data minimization. We only collect the information necessary to provide and secure our Service.

• Account Information: When you register, we collect your name, email address, and a unique user ID managed via Google Firebase Authentication.
• Usage Data: We track your API quota, bytes consumed, and active API keys to manage your subscription tier and prevent system abuse.
• Technical Logs: We automatically collect standard diagnostic data such as IP addresses, browser types, and API request timestamps to ensure infrastructure security.
• Payment Information: We do NOT collect, process, or store credit card details or billing addresses. All financial transactions and tax compliance (e.g., VAT/Sales Tax) are securely and independently handled by our Merchant of Record, Lemon Squeezy. We only receive webhook confirmations regarding your subscription status, variant IDs, and billing tier.
• Payment Information & Purchase Correlation: We do NOT collect, process, or store credit card details or billing addresses. All financial transactions and tax compliance (e.g., VAT/Sales Tax) are securely and independently handled by our Merchant of Record, Lemon Squeezy. To securely correlate your purchase with your API quota, we transmit an anonymized account identifier (UID) to our payment partner during the checkout process. We only receive webhook confirmations regarding your subscription status, variant IDs, and billing tier.

Note on Hardware-Generated Data: The entropy generated by our hardware and delivered to you via our API is pure cryptographic noise. It contains absolutely no personal data.

2. Cookies and Local Storage

We use strictly necessary cookies and local browser storage provided by Firebase Authentication. These are exclusively used to maintain your session securely when you log into the dashboard. We do not use analytical, tracking, or advertising cookies.

3. How We Use Your Information & Legal Bases (GDPR)

Under the GDPR, we must have a legal basis to process your data. We use your data strictly for the following purposes:

• Performance of a Contract: * To create, authenticate, and manage your account.
  • To deliver the QRNG API services and enforce rate limits/quotas.
  • To attribute the correct data quotas to your account following a successful subscription via Lemon Squeezy webhooks.
• Legitimate Interest:
  • To monitor hardware uptime (e.g., using automated status alerts) and secure our Cloud infrastructure.
  • To prevent fraudulent activity, DDoS attacks, and unauthorized access to our API.
  • To communicate important technical or security updates regarding the Service.

4. Third-Party Service Providers & International Data Transfers

We operate globally and rely on industry-standard infrastructure providers. Your data may be processed outside your country of residence.

• Quey Operations (Israel): Our core operations, R&D, and technical management are based in Israel. Note for European Users: The European Commission has recognized Israel as providing an adequate level of data protection, allowing data transfers to Israel without further safeguards.
• United States Subprocessors: Some of our backend infrastructure (including specific Cloud Functions) is hosted on US-based servers. We ensure that our US-based partners rely on legally recognized data transfer mechanisms under the GDPR, such as the EU-US Data Privacy Framework (DPF) or Standard Contractual Clauses (SCCs). These subprocessors include:
  • Google Cloud Platform / Firebase: Used for database hosting (Firestore), user authentication, and Cloud Functions (e.g., us-central1 servers).
  • Lemon Squeezy: Acts as our Merchant of Record and Independent Data Controller for payment processing.
  • Discord: Used exclusively for internal hardware status monitoring. No personally identifiable user information is transmitted through these alerts.

5. Data Retention

We retain your Account Information and Usage Data only for as long as your account is active and necessary to provide you with the Service. Technical logs are purged regularly according to our internal security policies.

6. Data Security

We implement strict security measures, including SSL/TLS encryption for data in transit, token-based authentication for our API, and atomic transactions in our Cloud databases to prevent data collisions. While we strive to protect your personal information, no method of transmission over the Internet is 100% secure.

7. Children's Privacy

Our Service is strictly intended for professionals, researchers, and developers. It is not directed to anyone under the age of 18. We do not knowingly collect personal data from minors.

8. Your Data Rights

Depending on your jurisdiction (e.g., GDPR, CCPA, Israeli Privacy Law), you have the right to request access to, correction of, or deletion of your personal data. You may also revoke API keys directly from your dashboard. To exercise these rights, please contact us at the address below.

9. Legal Identity & Contact

Quey Quantum is operated by:
[Your Full Name / Future Company Name Ltd.]
Israeli Registration Number (Osek / H.P.): [Number]
Registered Address: [Your Official Address in Israel]

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us at:
Email: contact@queyquantum.io