Privacy Policy

1 Introduction

Welcome to Quantonic Legacy Innovations Pty Ltd ("Quantonic", "we", "us", or "our"). We are deeply committed to protecting your privacy and ensuring the security of your personal information.

This Privacy Policy explains in detail how we collect, use, disclose, store, and safeguard your information when you:

• Visit our website at quantonic.com.au
• Use our products and services
• Communicate with us via email, phone, or contact forms
• Register for our newsletter or educational content
• Create an account or make purchases

2 Information We Collect

2.1 Personal Information You Provide

We collect information that you voluntarily provide to us:

2.2 Automatically Collected Information

When you visit our website, we automatically collect certain technical information:

• Device Information: Device type, operating system, browser type and version
• Usage Data: Pages visited, time spent, navigation paths, referring URLs
• Network Information: IP address, location data (city/country level)
• Cookie Data: Session IDs, preferences, authentication tokens
• Analytics Data: Click patterns, scroll depth, heatmaps (via Google Analytics, Microsoft Clarity, Contentsquare & Umami)

2.3 Information from Third Parties

We may receive limited information from:

• Payment processors (transaction confirmations)
• Social media platforms (if you connect your account)
• Data enrichment services (for business contacts only)
• Analytics providers (aggregated usage statistics)

3 How We Use Your Information

3.1 Primary Uses

• Service Delivery: Process orders, deliver products, provide customer support
• Communication: Respond to enquiries, send order updates, provide technical support
• Account Management: Maintain your account, manage preferences, enable features
• Payment Processing: Process transactions, prevent fraud, issue refunds
• Marketing: Send newsletters, product updates, promotional offers (with consent)
• Website Improvement: Analyze usage patterns, optimize performance, fix bugs
• Research & Development: Develop new products, improve existing features
• Security: Detect and prevent fraud, protect against threats, enforce terms

3.2 Marketing Communications

We will only send you marketing emails if you have:

• Explicitly opted-in via checkbox or signup form
• Purchased from us previously (we may send relevant product updates)

Every marketing email includes an easy unsubscribe link. We honor opt-out requests within 48 hours.

4 Information Sharing & Disclosure

4.1 Service Providers

We share limited information with trusted third-party service providers who assist our operations:

All service providers are bound by confidentiality agreements and can only use your data for the purposes we specify.

4.2 Legal Requirements

We may disclose your information when required by law:

• In response to court orders, subpoenas, or legal processes
• To comply with government or regulatory requirements
• To protect our rights, property, or safety
• To investigate potential violations of our Terms of Use
• To prevent fraud or criminal activity

4.3 Business Transfers

In the event of a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred to the acquiring entity. We will notify you via email and/or website notice before your data becomes subject to a different privacy policy.

5 Data Security Measures

We implement industry-standard security measures to protect your personal information:

5.1 Technical Safeguards

• Encryption: SSL/TLS encryption for all data transmission (HTTPS)
• Password Security: bcrypt hashing with salt for password storage
• Database Security: Encrypted at rest, access controls, regular backups
• Network Security: Firewalls, intrusion detection, DDoS protection
• Access Control: Multi-factor authentication for admin access
• Code Security: Regular security audits, dependency updates

5.2 Organizational Safeguards

• Limited Access: Only authorized personnel can access personal data
• Employee Training: Regular privacy and security training
• Confidentiality Agreements: All employees sign NDAs
• Security Audits: Regular third-party security assessments
• Incident Response Plan: Documented procedures for data breaches

6 Cookies & Tracking Technologies

6.1 What Are Cookies?

Cookies are small text files stored on your device that help us improve your experience and understand how you use our website.

6.2 Types of Cookies We Use

6.3 Third-Party Cookies

We use the following third-party services that may set cookies:

• Google Analytics (GA4): Website analytics and usage insights
• Microsoft Clarity: Heatmaps and session recordings
• Contentsquare: User experience analytics and behavior insights
• Umami: Privacy-focused website analytics
• Payment Processors: Secure transaction processing

6.4 Managing Cookies

You can control cookies through:

• Browser Settings: Most browsers allow you to refuse or delete cookies
• Our Cookie Preferences: [Coming soon: Cookie preference center]
• Opt-out Tools: Google Analytics Opt-out

6.5 AI Assistant (Quarky)

Our website features Quarky, an AI-powered chatbot assistant. When you interact with Quarky:

AI Service Providers

• Google Gemini: Terms of Service | Privacy Policy
• Anthropic Claude: Privacy Policy
• OpenAI: Privacy Policy

7 Your Privacy Rights

Under Australian Privacy Principles (APP), GDPR, and CCPA, you have comprehensive rights regarding your personal information:

7.1 How to Exercise Your Rights

To exercise any of these rights, please:

1. Email us at privacy@quantonic.com.au
2. Use our Privacy Request Form
3. Write to us at our postal address (see Contact section)

We will respond to your request within:

• 30 days for requests under Australian Privacy Principles
• 30 days for GDPR requests (may extend to 60 days for complex requests)
• 45 days for CCPA requests (may extend to 90 days)

8 Data Retention Policy

We retain your personal information only as long as necessary for the purposes outlined in this policy and to comply with legal obligations.

8.1 Retention Periods

8.2 Secure Deletion

When data is no longer needed, we:

• Permanently delete it from active systems
• Overwrite database records
• Remove backups after retention period
• Securely destroy any physical copies

9 International Data Transfers

Quantonic is based in Australia. If you access our services from outside Australia, your information may be transferred to, stored, and processed in Australia and other countries where our service providers operate.

9.1 Data Transfer Safeguards

We ensure appropriate safeguards for international transfers:

• Standard Contractual Clauses (SCCs): For transfers to countries without adequacy decisions
• Privacy Shield (where applicable): For transfers to certified US companies
• Binding Corporate Rules: For intra-group transfers
• Consent: In cases where other safeguards don't apply

9.2 Countries We May Transfer Data To

• Australia: Our primary operations and data storage
• United States: Cloud hosting (AWS, Google), analytics services
• European Union: Some service providers
• Singapore: Backup data storage

10 Children's Privacy

Protecting children's privacy is important to us. Our services are not intended for individuals under 18 years of age.

10.1 If We Learn We Have Child Data

If we become aware that we have collected personal information from a child under 18:

• We will delete that information as quickly as possible
• We will not use or share that information
• We will notify the parent/guardian if we have contact information

If you believe we may have information from a child under 18, please contact us immediately at privacy@quantonic.com.au.

11 Third-Party Websites & Services

Our website may contain links to third-party websites, plug-ins, and applications. Clicking on those links may allow third parties to collect or share data about you.

11.1 Third-Party Services We Use

• Google Analytics: Privacy Policy
• Microsoft Clarity: Privacy Policy
• Contentsquare: Privacy Policy
• Umami: Privacy Policy
• Payment Processors: Subject to their own privacy policies
• Social Media: If you share content on social platforms

12 Data Breach Notification

Despite our security measures, data breaches can occur. We are committed to transparency and prompt action in such events.

12.1 Our Response Process

If a data breach occurs that is likely to result in serious harm, we will:

• Within 72 hours: Notify the Office of the Australian Information Commissioner (OAIC)
• Without undue delay: Notify affected individuals via email and/or website notice
• Immediate action: Take steps to secure systems and prevent further breach
• Investigation: Conduct thorough investigation and implement corrective measures

12.2 What We'll Tell You

Breach notifications will include:

• Description of the breach and what happened
• Types of information affected
• Potential consequences and risks
• Steps we've taken to address the breach
• Recommendations for protecting yourself
• Contact information for questions

13 Regulatory Compliance

Quantonic complies with multiple data protection frameworks to protect your privacy rights:

13.1 Australian Privacy Principles (APPs)

We comply with the 13 Australian Privacy Principles under the Privacy Act 1988:

• Open and transparent management of personal information
• Anonymity and pseudonymity options where practical
• Collection only when necessary
• Dealing with unsolicited information appropriately
• Notification of collection and purpose
• Use and disclosure limited to primary purpose
• Direct marketing opt-out options
• Cross-border disclosure safeguards
• Government identifier restrictions
• Quality and accuracy of information
• Security of personal information
• Access and correction rights

13.2 GDPR Compliance (EU Customers)

For customers in the European Union, we comply with GDPR requirements:

• Lawful basis for processing
• Data minimization and purpose limitation
• Right to be forgotten
• Data portability
• Consent management
• Data Protection Officer available

13.3 CCPA Compliance (California Customers)

For California residents, we provide additional rights under CCPA:

• Right to know what personal information we collect
• Right to know if we sell or share personal information (we don't)
• Right to deletion
• Right to non-discrimination for exercising rights
• Right to opt-out of sale (not applicable, we don't sell data)

13.4 Regulatory Contacts

If you have concerns about our privacy practices, you can contact:

• Australia: Office of the Australian Information Commissioner (OAIC) - www.oaic.gov.au
• EU: Your local Data Protection Authority
• California: California Attorney General - oag.ca.gov/privacy

14 Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

14.1 How We'll Notify You

For material changes, we will provide notice by:

• Email notification to registered users (at least 30 days before change)
• Prominent notice on our website homepage
• In-product notifications for account holders
• Updating the "Last Updated" date at the top of this page

14.2 Your Options After Changes

When we make material changes:

• You can review the new policy before it takes effect
• You may object to changes or withdraw consent
• You can delete your account if you disagree with changes
• Continued use after changes constitutes acceptance

14.3 Version History

• Version 2.1 - December 11, 2025: Added Contentsquare and Umami analytics disclosures
• Version 2.0 - December 11, 2025: Comprehensive update with GDPR/CCPA compliance
• Version 1.0 - December 2, 2025: Initial policy

15 Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please don't hesitate to contact us: