Privacy Policy | SD Panthers AI, Quantum Studio & Automation Studio

1. Who We Are & How To Contact Us

SD Panthers LLC is the creator of Quantum Studio, Automation Studio, Neural Glass, and related AI tools. If you have questions about this policy or how we handle data, you can contact us at:

Email: info@sdpanthers.com
Security & privacy: info@sdpanthers.com

2. Information We Collect

Account & Identity Data

Firebase Authentication data (email, UID, organization ID).
Profile and team information (name, role, invited email).
Organization information (org name, plan, internal flags).

Product Usage & Content

Quantum Studio run objectives, generated code, and artifacts.
Automation Studio flow definitions, node configurations, execution logs.
Neural Glass / XR inputs and AI responses (e.g., prompts, screenshots, OCR text).
Feedback, ratings, and comments you submit.

Operational & Telemetry Data

Audit logs of security-sensitive actions (who did what, when, and in which org).
Metrics such as token usage, execution time, success/error rates.
Error logs (stack traces, endpoint, timestamp) for debugging and reliability.
IP address and basic device information where available.

Payment & Billing (Future Plans)

When paid plans are enabled, we may process billing information through a third-party payment processor (such as Stripe). Card details are processed and stored by the processor, not directly by SD Panthers.

3. How We Use Your Information

Service Delivery

Authenticate you and secure access to your organization.
Execute Quantum Studio runs and Automation flows that you configure.
Store and display your flows, runs, artifacts, and configuration.
Maintain audit logs and activity history for your org.

Monitoring & Reliability

Monitor performance (latency, error rates, throughput).
Detect and prevent abuse, fraud, and security incidents.
Track token usage and cost for alerts and billing.

Improvement & Support

Respond to support requests and debug issues.
Analyze aggregate usage patterns to improve features.
Run internal research and testing on anonymized or aggregated data.

Legal & Compliance

Comply with legal obligations and requests from authorities.
Maintain records needed for audits, incident investigations, and dispute resolution.

Contract (providing the Services) Legitimate interest (security & reliability) Consent (where required)

4. Legal Bases (for EU/UK Users)

Where GDPR or similar laws apply, we rely on the following legal bases:

Contract: to provide and operate the Services you sign up for.
Legitimate Interest: to secure the platform, prevent abuse, and improve performance.
Consent: for optional features such as certain marketing communications (if enabled).

5. Data Sharing & Third-Party Services

We do not sell your personal data.

Processors & Infrastructure

Google Cloud Platform: hosting, Firestore, Cloud Storage, Cloud Run, monitoring.
Firebase: authentication and related user management.
Email providers (e.g., SendGrid, Mailgun, SES): to send alerts and notifications.
AI model providers (e.g., Google, OpenAI, Anthropic): for model inference, using either your own API keys or managed keys (paid tiers).

When we use external providers, they act as our data processors under appropriate agreements, and we only share the minimum data required to operate the Services.

6. Data Retention & Backups

Quantum Studio runs and Automation flow runs are retained for a configurable period (defaults are typically around 90 days unless your org agrees otherwise).
Audit logs are kept longer (for example, around 12 months) to support security, compliance, and incident investigations.
Backups of Firestore and Storage are created to support disaster recovery, with defined retention windows (e.g., ~30 days for daily snapshots).

Retention settings may vary by plan or by organization policy. When data is deleted, it may remain for a limited time in backups before being permanently removed.

7. Your Rights

Your rights may include, depending on your region:

Access: request a copy of data associated with your organization (for example via our export APIs).
Rectification: correct account details or update organization information.
Erasure: request deletion of organizational data where technically and legally possible.
Restriction / Objection: ask us to limit certain types of processing.
Portability: receive data in a structured, commonly used format where applicable.

Many of these capabilities are available directly in the app via export/delete flows. You can also email info@sdpanthers.com for assistance with privacy requests.

8. Security

All traffic to our APIs and web UI is protected with TLS (HTTPS).
Data is encrypted at rest using Google Cloud’s encryption mechanisms.
API keys and sensitive secrets are stored encrypted and are never logged in plaintext.
Access is controlled via Firebase Authentication and per-organization authorization rules.
We maintain audit logs for security-sensitive actions and evaluate external pentests and findings.

No system is perfectly secure, but we design for least privilege, strong isolation, and rapid incident response. If you believe you have found a security issue, please contact info@sdpanthers.com.

9. International Transfers

Our primary infrastructure is currently located in the United States (for example, Google Cloud region us-central1). If you are accessing the Services from another region, your data may be transferred to, stored, or processed in the United States.

Where required by law, we will put in place appropriate safeguards for international transfers.

10. Children’s Privacy

Our Services are not directed to children under 13 (or the minimum age in your jurisdiction), and we do not knowingly collect personal information from children. If you believe we have collected such information, please contact us so we can delete it.

11. Changes To This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will adjust the “Last updated” date at the top and may provide additional notice (for example, in the app UI or via email).

Your continued use of the Services after an update means you accept the revised policy.