Privacy Policy

The short version

• No accounts, no emails, no sign-ups required to use anything on this site.
• We use Google Analytics 4 (cookies, anonymous usage data) to understand traffic patterns.
• The API at api.quantoracle.dev logs your IP address for rate limiting (1,000 calls/IP/day free tier).
• Calculator inputs you type are sent to the API to compute the result, then discarded — not stored, not associated with you.
• We don't sell any data we collect. We don't rent it. We don't have a marketing email list.

What we collect

Via Google Analytics (cookies)

When you visit quantoracle.dev, Google Analytics 4 sets cookies and tracks:

• Pages visited, time on page, navigation flow
• Approximate location (city-level, derived from IP — never stored at the IP level)
• Device type, browser, OS
• Referral source (what site or search engine you came from)

We use this in aggregate to understand which calculators are popular and which content performs. We never look at individual users.

To opt out: use any ad blocker (uBlock Origin, Brave shields, Safari ITP) or Google's official GA opt-out browser extension. The site continues to work normally with GA blocked.

Via the API (IP + request data)

When the site (or your agent) calls our backend API, the server logs:

• IP address (used to enforce the 1,000-calls/IP/day free-tier limit)
• Endpoint called, timestamp, response time
• User-Agent header (to attribute traffic — see e.g. which AI assistant is calling)
• Request body content is processed for the calculation and discarded — not logged, not stored

IP addresses are retained for 90 days for rate-limit enforcement, then auto-deleted. We do not associate IPs with names, emails, or any other identifying data because we don't collect those to begin with.

Via x402 payments (on-chain only)

If your agent uses a paid composite endpoint, the USDC payment settles on-chain via the x402 protocol. The wallet address that signs the payment is publicly visible on the blockchain (Base or Solana). QuantOracle records:

• Transaction hash
• Payer wallet address
• Endpoint called, amount paid
• Network (Base mainnet or Solana mainnet)

This is the same data the blockchain itself records publicly. We aggregate it for our public /metrics endpoint but never associate it with any off-chain identity.

What we don't collect

• No email addresses — we don't have a signup form or marketing list.
• No names — there's nowhere to enter one.
• No phone numbers, no addresses.
• No financial information — the API doesn't accept credit cards. Payment is via on-chain crypto (x402) which is fully wallet-based.
• No fingerprinting beyond what GA4 collects by default.
• No social media tracking pixels — no Facebook Pixel, no LinkedIn Insight Tag, none of those.

Third parties

The third-party services QuantOracle relies on, and what each receives:

• Google Analytics 4 — usage analytics. Receives cookie-based session data. Subject to Google's Privacy Policy.
• Cloudflare — CDN, DDoS protection, and the x402 facilitator. Receives all HTTP requests (IP, headers, body). Subject to Cloudflare's Privacy Policy.
• Vercel — hosting the quantoracle.dev frontend. Receives standard hosting logs. Subject to Vercel's Privacy Policy.
• DigitalOcean — hosting the backend API. Standard server logs. Subject to DigitalOcean's Privacy Policy.
• Coinbase Developer Platform (CDP) — x402 payment facilitator on Base mainnet. Receives transaction signing data. Subject to Coinbase's Privacy Policy.

We don't share data with these services beyond what's technically necessary for them to perform their function (e.g., Cloudflare needs to see the request to deliver it; Vercel needs to see logs to run the site).

Cookies

The cookies used on quantoracle.dev:

• Google Analytics cookies (_ga, _ga_*) — anonymous usage tracking, 2-year retention by default, settable to anything from no-track to full tracking via your browser.
• Cloudflare cookies (__cf_bm, cf_clearance) — bot management and security challenge cookies, set when Cloudflare needs to verify the request isn't automated abuse.

No advertising cookies. No third-party tracking pixels. If you block all cookies, the calculators still work — they don't depend on client-side storage.

Your rights (GDPR, CCPA, et al.)

If you're in the EU/UK (GDPR), California (CCPA), or any jurisdiction with similar privacy law, you have the right to:

• Access any personal data we hold about you (likely: none, because we don't collect identifying data)
• Deletion of any personal data (same caveat — there's almost nothing to delete)
• Portability — receive a machine-readable copy
• Opt out of sale — we don't sell data, but the right exists
• Withdraw consent for analytics cookies at any time

To exercise any of these rights, contact us via GitHub Issues (a contact email is being set up — see the contact page for current channels). Be specific about what data you want to access or delete; we'll respond within 30 days as required by law.

Children

QuantOracle is not directed at children under 13. We don't knowingly collect data from anyone under 13. If you believe we've inadvertently collected data from a child, contact us via GitHub Issues and we'll delete it.

Changes to this policy

We update this page when our data practices change. The change history is visible in the git commit log for this file. Material changes are announced via the QuantOracle RSS feed.

Contact

Questions or requests: GitHub Issues. See the contact page for current channels.