Effective Date: 13.05.2026 | Version: 2.0
1. Introduction and Scope
This Privacy Policy describes how Quantum Neuron Inc. (“Quantum Neuron”, “we”, “us”) processes Personal Data in connection with the Quantum Neuron Dashboard available at https://brain.quantumneuron.ai (the “Dashboard”).
Quantum Neuron Inc. is a corporation incorporated and registered in the State of Delaware, United States of America, and is the default contracting and operating entity for the Dashboard. Although Quantum Neuron is established in the United States, this Privacy Policy is designed for the European market and is fully aligned with Regulation (EU) 2016/679 (“EU GDPR”), the United Kingdom General Data Protection Regulation (“UK GDPR”), and the United Kingdom Data Protection Act 2018.
This Privacy Policy applies exclusively to the Dashboard. Other Quantum Neuron properties, including marketing landing pages available at quantumneuron.ai and related domains, are governed by their own separate privacy notices.
This Privacy Policy does not govern the processing of Client Personal Data submitted by business clients for the operation of AI Personas, including End-User conversations, Lead Data, Outbound Communications, knowledge base content or integration data. Such processing is carried out by Quantum Neuron as processor or sub-processor and is governed by the applicable Master SaaS Agreement and Data Processing Agreement.
Access to the Dashboard is restricted to:
•authorized personnel of business clients of Quantum Neuron who have entered into a Master SaaS Agreement with Quantum Neuron and have been added to the Dashboard as members of the client’s team;
•authorized personnel of Quantum Neuron operating, supporting, and maintaining the Dashboard; and
•registered prospective users who have created a Dashboard account but have not yet entered into a Master SaaS Agreement, in which case access is limited to a meeting-booking flow described in Section 5.7.
The Dashboard is a business-to-business product intended for adult professional users only. Quantum Neuron does not knowingly collect Personal Data from any individual under the age of 18 through the Dashboard.
2. Controller, Data Protection Officer, and Representatives
2.1 Controller
Quantum Neuron Inc. is the controller of the Personal Data described in this Privacy Policy.
Quantum Neuron Inc., a corporation incorporated in the State of Delaware, with registered office at 169 Madison Ave STE 15768, New York, NY 10016, United States. General contact: contact@quantumneuron.ai. Privacy contact: privacy@quantumneuron.ai.
2.2 Data Protection Officer
Quantum Neuron has appointed a Data Protection Officer pursuant to Article 37 EU GDPR. The Data Protection Officer is Mr. Krzysztof Kochanowski. Contact: ido@quantumneuron.ai.
2.3 EU Representative (Article 27 EU GDPR)
Quantum Neuron Sp. z o.o., ul. Żurawia 6/12/745, 00-503 Warsaw, Poland. Contact: ido@quantumneuron.ai.
2.4 UK Representative (Article 27 UK GDPR)
Kochanowski Consulting Ltd, 151 Picton Road, Liverpool, Merseyside L15 4LG, United Kingdom. Contact: ido@quantumneuron.ai.
3. Our Role in Data Processing
Depending on the type of data and purpose of Processing, Quantum Neuron acts in different roles:
•Controller — in respect of Personal Data described in this Privacy Policy, including Dashboard account, authentication, account configuration, security telemetry, error monitoring, support communications, and data of prospective users using the meeting-booking flow.
•Processor — in respect of data submitted by our clients to the Dashboard for the purpose of operating their AI Persona deployments. This includes, without limitation, conversation content of End-Users, Lead Data, recipient data, Outbound Communications data, knowledge base content and integration data submitted by or on behalf of the client, to the extent such data is processed for the operation of the client’s AI Persona deployment. Such Processing is governed by the Data Processing Agreement (“DPA”) concluded between Quantum Neuron and the relevant client and is outside the scope of this Privacy Policy. The DPA is available at https://quantumneuron.ai/legal/m26/dpa.
If you are an End-User of an AI Persona deployed by one of our clients, or a recipient of an outbound communication initiated by one of our clients through the Services, the relevant controller of your Personal Data is the client that operates the AI Persona or campaign. You should consult that client’s privacy notice for information about the legal basis, purpose and scope of such processing.
4. Who This Policy Applies To
This Privacy Policy applies to the following categories of Data Subjects:
•Client Team Members — employees, contractors, and other authorized personnel of our business clients who have been granted access to the Dashboard by their organization.
•Quantum Neuron Personnel — our own employees and contractors operating, supporting, and maintaining the Dashboard.
•Prospective Users — individuals who have registered for a Dashboard account but whose organization has not yet entered into a Master SaaS Agreement with Quantum Neuron, in which case they are presented with a meeting-booking flow as described in Section 5.7.
5. Personal Data We Process and Purposes
5.1 Account and Profile Data
We process the following information about Dashboard users:
•name and surname;
•business email address;
•organization (client) the user belongs to;
•user role and permissions within the Dashboard;
•hashed credentials (passwords are stored only as bcrypt hashes with a unique cryptographic salt; we never store passwords in plain text or in any reversible form);
•account preferences (including selected interface language and account-level settings).
Purposes: providing access to the Dashboard, account administration, role-based access control, user authentication, and applying user preferences. Legal bases: Article 6(1)(b) EU GDPR (performance of the contract between Quantum Neuron and the client through which the user is granted access) and Article 6(1)(f) EU GDPR (legitimate interests of Quantum Neuron and the client in operating a secure user account system).
5.2 Authentication and Session Data
We process authentication events, session identifiers, login timestamps, IP addresses associated with sessions, and information necessary to maintain a secure logged-in state for the duration of the user’s session.
Purposes: authenticating users, maintaining session security, detecting and preventing unauthorized access, brute-force prevention, rate limiting, and account lock-outs in accordance with the guidelines of NIST SP 800-63B. Legal bases: Article 6(1)(b) EU GDPR and Article 6(1)(f) EU GDPR (legitimate interest in ensuring the security of our service).
5.3 Cookies and Local Storage
The Dashboard uses a strictly limited set of cookies and browser local storage entries, all of which are necessary for the functioning of the Dashboard. The Dashboard does not use any advertising, profiling, or third-party analytics cookies, and does not embed Google Analytics, Meta Pixel, LinkedIn Insight Tag, or any equivalent tracking technology.
Storage type: Cookie
Identifier / category: Session authentication cookie
Purpose: Maintaining the user’s authenticated session.
Retention: Session (cleared on logout or session expiry).
Storage type: Local storage
Identifier / category: Account preferences (e.g., interface language, UI settings)
Purpose: Persisting account-level preferences across sessions on the same browser.
Retention: Until cleared by the user or browser.
Storage type: Local storage
Identifier / category: Dashboard AI Persona widget data (conversation identifier, conversation history)
Purpose: Operating the in-Dashboard AI Persona widget that assists users with the Dashboard.
Retention: Until cleared by the user or browser.
Because all cookies and local storage entries described above are strictly necessary for the delivery of the Dashboard requested by the user, no consent banner is required under Article 5(3) of Directive 2002/58/EC and corresponding national implementations. Users may, at any time, delete cookies and clear local storage through their browser settings, but doing so may impair the functioning of the Dashboard.
If we introduce any non-essential cookies, advertising cookies, profiling cookies or third-party analytics technologies in the Dashboard in the future, we will update this Privacy Policy and implement any consent mechanism required by applicable law before such technologies are activated.
5.4 In-Dashboard AI Persona Widget
After logging in, users have access to an in-Dashboard AI Persona widget designed to assist them in operating the Dashboard. The widget stores its operational state (conversation identifier, conversation history, and similar information necessary to maintain the conversation) only in the user’s browser local storage.
Conversation content exchanged through the widget is processed on Quantum Neuron’s underlying infrastructure for the purpose of providing the assistant functionality. Where required by applicable AI transparency rules, including Regulation (EU) 2024/1689 (the “AI Act”) to the extent applicable, the widget is designed to disclose to the user that they are interacting with an AI system at the start of the interaction. AI-generated outputs may be marked or technically identifiable where required or technically supported.
Legal bases: Article 6(1)(b) EU GDPR (performance of the contract between Quantum Neuron and the client) and Article 6(1)(f) EU GDPR (legitimate interest in providing user assistance within the Dashboard).
5.5 Error Monitoring and Session Replay (Sentry)
The Dashboard uses Functional Software, Inc. (“Sentry”) to monitor application errors, capture performance telemetry, and record session replays of front-end interactions. Session replay captures user interface events (such as clicks, navigation, and page rendering) for the purpose of diagnosing errors, reproducing bugs, and improving the stability and quality of the Dashboard. Sensitive form inputs and similar fields are masked at source to the extent supported by Sentry’s data scrubbing features.
We configure masking, scrubbing or equivalent controls for sensitive form inputs and user-entered content where technically supported by Sentry or the relevant diagnostic tooling. Session replay is used for diagnostics, security investigation and product stability purposes, not for advertising, profiling or behavioral marketing.
Purposes: application error diagnostics, performance monitoring, security incident investigation, and continuous improvement of the Dashboard. Legal basis: Article 6(1)(f) EU GDPR (legitimate interest in maintaining a secure, stable, and high-quality service). Location: Sentry processes such data within the European Union under a Data Processing Agreement concluded with Quantum Neuron.
5.6 Support Communications
If a user contacts Quantum Neuron through email or other support channels, we process the content of such communications, including any Personal Data contained therein, for the purpose of providing support, resolving issues, and maintaining a record of communications.
Legal bases: Article 6(1)(b) EU GDPR (performance of the contract) and Article 6(1)(f) EU GDPR (legitimate interest in providing customer support and maintaining records of communications).
5.7 Pre-Contract Meeting-Booking Flow (Calendly)
If a user creates a Dashboard account before their organization has entered into a Master SaaS Agreement with Quantum Neuron, the user is presented with an embedded meeting-booking widget operated by Calendly LLC (“Calendly”) in place of the standard onboarding journey. The widget allows the user, at their sole discretion, to schedule a meeting with a Quantum Neuron sales representative.
Information that the user enters into the embedded Calendly widget (such as name, email address, and any additional details the user chooses to provide) is collected directly by Calendly and processed by Calendly as an independent controller in accordance with Calendly’s own privacy notice. Quantum Neuron does not transmit any user data to Calendly through the embed; the user provides such data to Calendly through the widget on their own initiative.
Once a meeting is booked through the widget, Calendly notifies Quantum Neuron of the booking and shares the booking details with us. From the moment of receipt of such booking details, Quantum Neuron processes them as a separate, independent controller for the purposes set out below.
Purposes (Quantum Neuron’s processing of received booking data): preparing for and conducting the booked meeting; lead qualification; pre-contract communication. Legal bases: Article 6(1)(b) EU GDPR (steps taken at the request of the data subject prior to entering into a contract) and Article 6(1)(f) EU GDPR (legitimate interest in qualifying and responding to leads). Location: Calendly processes data in the United States. Where applicable, transfer mechanisms under Chapter V EU GDPR or UK GDPR apply, as further described in Section 9.
Calendly is not a Sub-Processor for Client Personal Data under the DPA. It is used only in the pre-contract meeting-booking scenario described in this Section. Where Calendly processes Personal Data in the United States, applicable transfer mechanisms under Chapter V EU GDPR or UK GDPR apply, as described in Section 9.
5.8 Security Telemetry, Audit Logs, and Operational Logs
We process security-relevant telemetry, access logs, audit logs, and similar operational data generated by use of the Dashboard, including IP addresses, user agent strings, device information, login and logout events, administrative actions, and error events.
Purposes: protecting the security, integrity, and availability of the Dashboard; preventing, detecting, and investigating fraud, abuse, and security incidents; complying with our legal obligations and demonstrating compliance with applicable Data Protection Laws. Legal bases: Article 6(1)(f) EU GDPR (legitimate interest in protecting our service) and Article 6(1)(c) EU GDPR (compliance with legal obligations, including those arising under Article 32 EU GDPR).
6. What We Do Not Do on the Dashboard
For the avoidance of doubt, on the Dashboard we do not:
•use Google Analytics, Meta Pixel, LinkedIn Insight Tag, or any other third-party advertising or web analytics tools;
•place any advertising, profiling, or marketing cookies;
•share Personal Data with advertising networks or data brokers;
•sell or rent Personal Data;
•subject users to automated decision-making producing legal effects or similarly significantly affecting them within the meaning of Article 22 EU GDPR; or
•collect biometric identifiers or perform biometric categorization of users.
These statements apply to the Dashboard as operated by Quantum Neuron. They do not apply to third-party websites, platforms or communication channels operated by our clients or by independent third-party providers.
7. Use of Data for AI Model Training
Quantum Neuron does not use Personal Data of Dashboard users, in identifiable form, to train, fine-tune, or otherwise improve the AI models underlying its services. For purposes of model improvement, Quantum Neuron uses only data that has first been subjected to a documented, irreversible anonymization process and verified through a manual verification step. Following successful anonymization, the resulting data is no longer Personal Data within the meaning of applicable Data Protection Laws.
Anonymized data sets used for model improvement do not contain raw conversation logs and are not associated with any client, tenant, account, or user identifier.
Detailed terms governing the use of client-submitted data for AI model improvement, anonymization and non-production test environments, including the client’s right to opt out by notice or directly in the applicable Order Form, are set out in the DPA available at https://quantumneuron.ai/legal/m26/dpa.
8. Recipients and Sub-Processors
Personal Data described in this Privacy Policy is processed on the infrastructure of, or with the assistance of, the following service providers acting as our processors or, where indicated, as separate independent controllers:
Provider: Amazon Web Services EMEA SARL
Role: Processor
Function: Cloud infrastructure hosting the Dashboard.
Location: European Union (Ireland)
Provider: Functional Software, Inc. (Sentry)
Role: Processor
Function: Application error monitoring and session replay.
Location: European Union
Provider: Calendly LLC
Role: Independent controller in respect of data submitted by the user directly into the embedded booking widget. Quantum Neuron processes received booking notifications as a separate independent controller.
Function: Pre-contract meeting-booking widget embedded into the Dashboard for prospective users only.
Location: United States
Provider: Other authorized service providers and Sub-Processors
Role: Processor
Function: As listed in the Sub-Processor List, depending on the features, integrations, communication channels and configuration selected by the client.
Location: As listed in the Sub-Processor List
Not all Sub-Processors listed in the Sub-Processor List are used for every client deployment. The providers actually used depend on the Services, features, integrations, regions and communication channels enabled for the relevant client.
The complete and current list of sub-processors used by Quantum Neuron in connection with its services to clients is available at https://quantumneuron.ai/legal/m26/subprocessors. Calendly is not included in that list because it does not process Client Personal Data under the DPA; it is engaged solely in the pre-contract scenario described in Section 5.7.
We may also disclose Personal Data to: (a) competent public authorities, courts, or regulators where required by applicable law or in response to a valid legal process; (b) professional advisors (such as auditors, lawyers, and accountants) bound by appropriate confidentiality obligations; and (c) any successor in interest in the context of a merger, acquisition, or similar corporate transaction, subject to appropriate safeguards.
9. International Data Transfers
Quantum Neuron Inc. is a U.S.-incorporated company. As a result, certain Personal Data may be accessed by Quantum Neuron personnel located outside the European Economic Area or the United Kingdom. In addition, certain sub-processors and third parties (notably Calendly, which operates the pre-contract meeting-booking widget) process Personal Data in the United States.
Where Personal Data is transferred outside the European Economic Area or the United Kingdom, Quantum Neuron relies on appropriate transfer mechanisms under Chapter V EU GDPR or UK GDPR, including:
•the EU Standard Contractual Clauses approved by the European Commission in Implementing Decision (EU) 2021/914;
•the United Kingdom International Data Transfer Addendum issued by the Information Commissioner’s Office under Section 119A of the United Kingdom Data Protection Act 2018; and
•where applicable, decisions of the European Commission or the United Kingdom Secretary of State recognizing the adequate level of protection in the recipient country.
Where a Transfer Impact Assessment is required, Quantum Neuron has conducted, or will conduct, such assessment in accordance with the European Data Protection Board’s Recommendations 01/2020 and has implemented appropriate supplementary measures where necessary. A summary of such assessments is available on request.
For Client Personal Data processed by Quantum Neuron as processor, international transfers are governed by the DPA. For Personal Data processed by Quantum Neuron as controller under this Privacy Policy, Quantum Neuron relies on the transfer mechanisms described in this Section.
10. Data Retention
We retain Personal Data only for as long as necessary to fulfil the purposes for which it was collected, including any legal, accounting, or reporting requirements. The following retention periods apply:
Category of Personal Data: Account and profile data of Dashboard users
Retention period: For the duration of the user’s account in the Dashboard, plus up to 30 days after deactivation, and then deleted, unless retention for a longer period is required by applicable law.
Category of Personal Data: Authentication and session data
Retention period: Session data: until session expiry. Authentication audit logs: up to 12 months.
Category of Personal Data: Cookies and local storage
Retention period: As set out in Section 5.3.
Category of Personal Data: In-Dashboard AI Persona widget data (browser local storage)
Retention period: Stored only on the user’s device until cleared by the user or the browser.
Category of Personal Data: Sentry error monitoring and session replay data
Retention period: Up to 90 days from the date of capture, in line with Sentry’s default retention policy.
Category of Personal Data: Support communications
Retention period: Up to 24 months from the date of resolution of the relevant matter.
Category of Personal Data: Pre-contract meeting-booking flow data (booking details received from Calendly)
Retention period: Up to 24 months from the date of last contact, unless the prospective user becomes a client of Quantum Neuron, in which case the data is retained as part of the client relationship.
Category of Personal Data: Security telemetry, audit logs, and operational logs
Retention period: At least 12 months and up to 24 months, in line with our internal security log retention policy.
Category of Personal Data: Billing, invoicing, and accounting records (where applicable)
Retention period: For the period required by applicable tax and accounting laws of the jurisdiction of the Quantum Neuron entity issuing the relevant invoice. Where invoices are issued by Quantum Neuron Inc. (the default), retention is determined by applicable United States federal and state tax laws and is typically up to seven (7) years. Where invoices are issued by Quantum Neuron Sp. z o.o. (only by exception, where expressly contracted with the client), retention is determined by applicable tax and accounting laws of the Republic of Poland and is typically five (5) years. Legal basis: Article 6(1)(c) EU GDPR (compliance with a legal obligation).
Where Personal Data is processed by Quantum Neuron as processor on behalf of a client, retention, return, deletion and anonymization are governed by the DPA and the client’s instructions, subject to the terms of the applicable Master SaaS Agreement and Order Form.
Upon expiration of the applicable retention period, Personal Data is deleted or irreversibly anonymized in accordance with our internal procedures, save where applicable law requires further retention.
11. Security of Processing
Quantum Neuron implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk of the Processing, in accordance with Article 32 EU GDPR. These measures include, without limitation:
•encryption of Personal Data in transit (TLS 1.2 or higher) and at rest (AES-256 or equivalent);
•storage of authentication credentials only as bcrypt hashes with a unique cryptographic salt per credential;
•multi-factor authentication for administrative accounts;
•role-based access control and the principle of least privilege;
•network segmentation, firewalls, intrusion detection, and continuous threat monitoring;
•logging of security-relevant events and centralized monitoring;
•regular vulnerability scanning, dependency management, and security patching;
•annual external penetration testing;
•documented incident response procedures and 24/7 on-call rotation;
•regular backups of data, encrypted and stored within the European Economic Area;
•personnel confidentiality obligations and recurring security awareness training;
•documented sub-processor due diligence and ongoing monitoring;
•masking or scrubbing of sensitive fields in diagnostic, error monitoring and session replay tooling where technically supported; and
•access restrictions and retention controls for voice recordings, transcripts, SMS content, WhatsApp content, email content, call metadata and communication logs where such data is processed in connection with the Services.
Further details regarding our technical and organizational measures are set out in the Quantum Neuron Security Annex, which is made available to clients on request under appropriate confidentiality obligations.
12. Your Rights
Subject to the conditions set out in applicable Data Protection Laws, you have the following rights in relation to your Personal Data:
•Right of access — to obtain confirmation as to whether your Personal Data is being processed and, if so, to access such data and related information (Article 15 EU GDPR).
•Right to rectification — to obtain rectification of inaccurate Personal Data and completion of incomplete Personal Data (Article 16 EU GDPR).
•Right to erasure — to obtain erasure of your Personal Data where the conditions of Article 17 EU GDPR are met.
•Right to restriction of Processing — to obtain restriction of Processing where the conditions of Article 18 EU GDPR are met.
•Right to data portability — to receive your Personal Data in a structured, commonly used, and machine-readable format and to transmit such data to another controller, where the conditions of Article 20 EU GDPR are met.
•Right to object — to object, on grounds relating to your particular situation, to Processing of your Personal Data based on Article 6(1)(f) EU GDPR (legitimate interests), in accordance with Article 21 EU GDPR.
•Right to withdraw consent — where Processing is based on your consent, you may withdraw such consent at any time, without affecting the lawfulness of Processing carried out before the withdrawal.
•Right not to be subject to automated decision-making — not to be subject to a decision based solely on automated Processing, including profiling, that produces legal effects concerning you or similarly significantly affects you (Article 22 EU GDPR). As stated in Section 6, the Dashboard does not subject users to such decision-making.
To exercise any of these rights, please contact us at privacy@quantumneuron.ai or our Data Protection Officer at ido@quantumneuron.ai. We will respond to your request without undue delay and in any event within one month of receipt, in accordance with Article 12(3) EU GDPR. That period may be extended by two further months where necessary, taking into account the complexity and number of requests, in which case we will inform you of such extension and the reasons for it within the initial one-month period.
If your Personal Data is processed by Quantum Neuron as processor on behalf of one of our clients, including conversations with End-Users of an AI Persona deployed by that client or recipient data used for Outbound Communications, we may redirect your request to the relevant client, who is the controller responsible for responding to your request.
13. Right to Lodge a Complaint
If you believe that our Processing of your Personal Data infringes applicable Data Protection Laws, you have the right to lodge a complaint with the competent supervisory authority, in particular:
•the supervisory authority of the European Economic Area Member State of your habitual residence, place of work, or place of the alleged infringement, in accordance with Article 77 EU GDPR; or
•the United Kingdom Information Commissioner’s Office (ICO), where you are subject to the UK GDPR.
By way of reference, the supervisory authority of the European Economic Area Member State in which our EU Representative is established is the President of the Personal Data Protection Office of Poland (Prezes Urzędu Ochrony Danych Osobowych), ul. Stawki 2, 00-193 Warsaw, Poland, https://uodo.gov.pl. The supervisory authority for the United Kingdom is the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, United Kingdom, https://ico.org.uk.
We would, however, appreciate the opportunity to address your concerns directly before you approach a supervisory authority. Please contact us at privacy@quantumneuron.ai.
14. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. The current version is identified by the version number and effective date set out at the top of this document. Material changes will be communicated to Dashboard users by email or by a prominent notice within the Dashboard at least 30 days before such changes take effect. Prior versions are maintained under our version control system and are available on request.
15. Contact
If you have any questions or concerns regarding this Privacy Policy, please contact us:
•Privacy contact: privacy@quantumneuron.ai
•Data Protection Officer: Krzysztof Kochanowski, ido@quantumneuron.ai
•EU Representative (Article 27 EU GDPR): Quantum Neuron Sp. z o.o., ul. Żurawia 6/12/745, 00-503 Warsaw, Poland; ido@quantumneuron.ai
•UK Representative (Article 27 UK GDPR): Kochanowski Consulting Ltd, 151 Picton Road, Liverpool, Merseyside L15 4LG, United Kingdom; ido@quantumneuron.ai
•Postal address: Quantum Neuron Inc., 169 Madison Ave STE 15768, New York, NY 10016, United States
