kwant

Privacy Policy

Effective 6 July 2026 · Last updated 6 July 2026

This Privacy Policy explains what data Kwant ("Kwant", "we", "us") collects when you use the hosted quant-intelligence MCP service at https://kwant.sh, why we collect it, and your choices. We collect the minimum needed to run the Service, meter usage, and take payment. We do not sell your personal data.

1 · What we collect

DataWhy
Email address (at signup)To send your API key and account/billing notices, and to prevent abuse of trial credit.
API key hash (never the raw key)To authenticate requests without storing the secret. The raw key is shown once and not retained.
Prepaid balance & usage recordsTo meter priced queries, debit your balance, and enforce quotas. Includes per-call tool name, timestamp, and cost.
Bot-verification token (Cloudflare Turnstile)To confirm signups come from a human and block automated abuse.
Payment recordsPrepaid: handled by Stripe (we receive confirmation and reference IDs, not full card numbers). x402: an on-chain USDC transaction hash and wallet address.
Request/query parameters (e.g. tickers, dates)To run the tool you invoked. Passed to market-data providers as needed to fulfill the query.
Technical logs (IP, user agent, timestamps, error traces)Security, rate limiting, debugging, and abuse prevention. Handled largely by our edge provider.

The x402 keyless rail requires no email or account — payment is the authentication. In that flow we process only the on-chain payment data and the request itself.

2 · How we use it

We do not use your query contents to advertise to you, and we do not sell personal data.

3 · Service providers we share with

We share the minimum necessary with infrastructure and payment processors that act on our behalf:

We may also disclose data if required by law, to protect our rights or users' safety, or in connection with a merger or acquisition.

4 · Retention

We keep account data (email, key hash, balance, usage records) for as long as your key is active and as needed for billing, tax, and legal purposes, then delete or anonymize it. Technical logs are kept for a limited period for security and debugging. On-chain payment data cannot be deleted from the blockchain.

5 · Security

We store only a hash of your API key, enforce authentication and rate limits at the edge, and scope billing operations to atomic, per-customer ledgers. No system is perfectly secure — keep your API key secret and rotate it if you suspect exposure.

6 · Cookies & tracking

The landing page uses no advertising or analytics cookies. Cloudflare Turnstile may set a short-lived token to run its bot check on the signup form. The MCP API itself is stateless and does not use cookies.

7 · Your rights

Depending on where you live (e.g. under GDPR or PIPEDA), you may have the right to access, correct, delete, or export your personal data, or to object to certain processing. To exercise a right or delete your account and key, email us at the address below. We may need to verify your identity first.

8 · International transfers

The Service runs on globally distributed edge infrastructure, so your data may be processed in countries other than your own. Where required, we rely on appropriate safeguards for such transfers.

9 · Children

The Service is not directed to children under 16 (or the minimum age in your jurisdiction) and we do not knowingly collect their data.

10 · Changes

We may update this Policy. Material changes take effect when posted at this URL with a new effective date. Continued use after a change constitutes acceptance.

11 · Contact

Privacy questions or data requests: support@kwant.sh.

See also our Terms of Service. Kwant covers US & TSX equities; data is for research, not investment advice.