Data protection

Privacy Policy

This Privacy Policy explains what information HB QuantFlow may process to operate the financial intelligence dashboard, user accounts, subscription access, support inbox, and payment audit workflow.

Effective: 2026-06-10Updated: 2026-06-10Keyword: QuantFlow Privacy Policy
This page is an operational website policy for production readiness. It is not a substitute for legal advice. Review with a qualified professional before full commercial launch.

1. Information we collect or process

QuantFlow collects only the information needed to operate accounts, protect the platform, provide support, manage subscriptions, and maintain payment traceability.

  • Account information such as username, email address, verification status, password reset status, role, and subscription status.
  • Security and access information such as login sessions, IP-derived request metadata, browser/user-agent logs, audit timestamps, and admin actions.
  • Billing information such as selected plan, billing cycle, payment provider, transaction reference, payment status, signature verification result, amount, and subscription update result.
  • Support information such as inbound email messages, contact form context, support thread references, and admin contact inbox history.

2. What QuantFlow does not store

QuantFlow is designed to keep high-risk payment and settlement information out of source code and public-facing logs.

  • QuantFlow does not store card numbers, CVV codes, online banking passwords, OTPs, or customer bank credentials.
  • VNPay hash secrets and production payment credentials should exist only in protected server environment variables or approved merchant systems.
  • Full bank settlement account details should not be stored in source code, ZIP releases, patch files, logs, or public chat.

3. How we use information

Information is used to operate the dashboard, authenticate users, process subscriptions, respond to support requests, detect abuse, investigate payment issues, and keep the public web service reliable.

  • Account data is used for login, email verification, reset flows, role checks, and entitlement decisions.
  • Payment audit data is used to confirm gateway status, prevent duplicate subscription grants, troubleshoot billing issues, and support reconciliation.
  • Security logs are used to detect unauthorized access, spam, scraping, brute force attempts, session abuse, and suspicious admin activity.

4. Cookies, sessions, and browser storage

QuantFlow uses secure session cookies to keep authenticated users logged in and to protect user/admin workflows. Production runtime should use security controls such as Secure, HttpOnly, SameSite, HTTPS, HSTS, and CSRF protection where applicable.

  • Session cookies help the platform recognize authenticated users and enforce plan access.
  • Cookies are not intended to store payment card details or VNPay secrets.
  • Disabling cookies may prevent login, admin access, subscription pages, or protected modules from working correctly.

5. Payment audit and VNPay data boundary

When VNPay is used, QuantFlow records payment events needed for audit and subscription activation. The system should store masked payloads, transaction references, response codes, transaction status, amount checks, signature verification status, idempotency result, and subscription update result.

  • Browser Return events are recorded separately from server-to-server IPN events.
  • Only verified IPN events should trigger automated subscription activation.
  • Raw gateway values may be stored in masked form for support, dispute review, and reconciliation.

6. Support inbox and email forwarding

Emails sent to support@hbquantflow.com may be received through the configured email provider, stored in the admin contact inbox, and forwarded to the configured support mailbox for handling.

  • Support messages may include the email address, sender name, subject, message body, timestamp, and provider metadata.
  • Users should avoid sending passwords, card numbers, VNPay secrets, full bank account numbers, or unnecessary sensitive documents by email.
  • Support records may be kept to resolve account, billing, and security questions.

7. Sharing and service providers

QuantFlow may rely on infrastructure, hosting, email, analytics, payment, and security providers to operate the service. These providers process information only as needed for platform delivery, billing, support, or security.

  • Examples may include hosting infrastructure, email delivery, inbound email processing, payment gateway services, logging, and security tooling.
  • Payment gateway processing is subject to the gateway provider rules and merchant configuration.
  • QuantFlow does not sell user account information to advertisers.

8. Retention and deletion

QuantFlow may retain account, payment, support, and security records for as long as needed to operate the service, resolve disputes, meet audit needs, investigate abuse, or satisfy applicable obligations.

  • Payment audit records may be retained longer than ordinary support messages because they help prevent duplicate grants and support transaction reconciliation.
  • Users may request account or privacy assistance by contacting support@hbquantflow.com.
  • Some records may be kept when retention is needed for billing, security, fraud prevention, or legal reasons.

9. Security practices

QuantFlow uses layered controls such as password hashing, admin allowlists, private admin paths, CSRF controls, secure cookies, HTTPS, audit logs, masked secrets, and restricted payment activation rules. No system is risk-free, but the platform is designed to reduce avoidable exposure.

  • Users should choose strong passwords and protect their email accounts.
  • Admins should never paste production secrets, full bank details, or private keys into chat, source code, screenshots, or patch notes.
  • Security concerns should be reported to support@hbquantflow.com promptly.

10. Contact

For privacy questions, account access concerns, support inbox questions, or data-related requests, contact support@hbquantflow.com with enough detail to identify the account and issue.

  • Do not include card numbers, passwords, hash secrets, full bank account numbers, or private identity documents unless a secure process is provided.

Privacy Policy FAQ

Does QuantFlow store my card number?

No. QuantFlow should not store card numbers, CVV codes, online banking credentials, or OTPs. Payment processing is handled by the configured payment gateway.

Why does QuantFlow store payment audit records?

Payment audit records help verify gateway callbacks, prevent duplicate subscription grants, investigate failed payments, and support billing reconciliation.

Can I ask about my account data?

Yes. Contact support@hbquantflow.com with your account email and a clear description of the request.

Are VNPay secrets stored in public code?

No. VNPay secrets should be stored only in protected server environment variables or approved merchant systems, not in source code, ZIP files, screenshots, or public chat.

Support contact: support@hbquantflow.com. For billing support, include account email, plan, payment time, amount, and transaction reference when available.
Never send card numbers, VNPay hash secrets, full bank settlement details, passwords, OTPs, or private documents through public chat.