Privacy Policy

Last updated: March 2026

1. Introduction

QNP ("we", "us", "our") operates the qnp.ai platform and API services. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our services.

2. Data Collection

We collect the following types of information:

  • Account Information — Email address, name (from OAuth providers like Google or Apple), and authentication credentials.
  • Usage Logs — API request metadata including timestamps, model used, token counts, latency, status codes, and cost. We do not store the content of your API requests or responses.
  • API Request Metadata — Endpoint accessed, API key used (hashed), source IP address, and response status for security and rate limiting purposes.
  • Billing Information — Payment details are processed and stored by Stripe. We do not store your full credit card number.

3. Data Retention

API request logs are retained for 30 days and then automatically deleted. Account information is retained for as long as your account is active. Upon account deletion, your data is removed within 30 days.

4. Third-Party Services

We use the following third-party services:

  • Stripe — Payment processing and subscription management. Stripe's privacy policy applies to payment data.
  • MongoDB Atlas — Database storage for account data, API keys, and usage logs.
  • Cloudflare — CDN, DDoS protection, and edge worker hosting.
  • LLM Providers — When you make API requests, your prompts are forwarded to the upstream LLM provider (OpenAI, Anthropic, Google, etc.) according to their respective privacy policies.

5. Cookie Usage

We use HTTP-only cookies to store JWT authentication tokens for maintaining your login session. These are strictly necessary for the service to function. We do not use tracking cookies or third-party analytics cookies.

6. Your Rights

You have the right to:

  • Access — Request a copy of your personal data we hold.
  • Correction — Request correction of inaccurate personal data.
  • Deletion — Request deletion of your account and associated data.
  • Export — Export your usage logs via CSV from the dashboard.
  • Restriction — Request restriction of processing of your data.

To exercise any of these rights, please contact us at [email protected].

7. GDPR Compliance

For users in the European Economic Area (EEA), we process personal data in accordance with the General Data Protection Regulation (GDPR). Our legal basis for processing is: (a) performance of a contract when providing our services, (b) legitimate interest for security and fraud prevention, and (c) consent where required. You may withdraw consent at any time by contacting us.

8. Data Security

We implement industry-standard security measures including encryption in transit (TLS), hashed API keys (bcrypt), and access controls. However, no method of transmission over the Internet is 100% secure.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last updated" date.

10. Contact

If you have questions about this Privacy Policy or wish to exercise your data rights, please reach out at [email protected].