Privacy Policy

Last updated: February 2, 2026

Overview

QuantAssure is a security assurance platform that helps organisations manage their security posture by aggregating findings from security tools and services. This Privacy Policy explains how we collect, use, and protect your information when you use our platform. QuantAssure is operated by an Australian company and subject to Australian privacy law, including the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

Data We Collect

Account Data

When you create an account, we collect:

  • Email address
  • Name
  • Organisation name
  • Password (stored securely using bcrypt hashing)

Security Data via Integrations

When you connect your security tools, we may collect:

  • Repository metadata from GitHub (names, visibility, vulnerability alerts)
  • Device inventory from MDM tools like Mosyle (device names, OS versions, compliance status)
  • User directory information from identity providers
  • Policy documents you choose to sync for compliance and control effectiveness analysis
  • Cloud security findings from services like AWS Security Hub

Usage Data

We collect information about how you use QuantAssure, including pages visited, features used, and scan history. This helps us improve the platform and provide support.

How We Use Your Data

We use the data we collect to:

  • Provide and maintain the QuantAssure platform
  • Aggregate and analyse security findings across your connected tools
  • Generate AI-powered triage recommendations and risk assessments
  • Create compliance reports and audit trails
  • Send notifications about critical security findings
  • Improve our services and develop new features
  • Provide customer support

Data Storage

Your data is stored securely using industry-standard practices:

  • Structured data is stored in encrypted MySQL databases
  • Documents for AI context are stored in encrypted vector databases
  • All data is encrypted at rest and in transit using TLS
  • Multi-tenant isolation ensures your data is separated from other organisations

Third-Party Services

We use the Quant API for AI-powered analysis and recommendations. When you enable AI features, relevant security context is processed through this service to provide risk assessments and remediation suggestions. No personally identifiable information is shared with AI services beyond what is necessary for security analysis. Data processed by third-party services may transit infrastructure outside Australia; we use contractual and technical safeguards to protect it.

Data Retention

We retain your data for as long as your account is active. Security findings and scan history are kept to provide historical trend analysis and audit-ready evidence trails. If you close your account, we will delete your data upon request, subject to any legal retention requirements under Australian law.

Your Rights

You have the right to:

  • Access your personal data and security findings
  • Export your data in standard formats
  • Request deletion of your account and associated data
  • Update or correct your account information

To exercise these rights, contact us at assure@quantcdn.io.

Cookies

We use session cookies solely for authentication purposes to keep you signed in. We do not use tracking cookies or third-party analytics that track your behaviour across websites.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

Contact

If you have any questions about this Privacy Policy or our data practices, please contact us at assure@quantcdn.io.