Privacy Policy

1. Overview & who we are

Quantum Academy teaches quantum computing by doing — interactive lessons, a visual circuit builder, an in-browser statevector simulator (≤20 qubits in the browser, ≤22 on the server) plus a stabilizer simulator (≤100 qubits, Clifford-only), an AI tutor, pay-per-use access to real quantum hardware, and completion certificates.

Quantum Academy is built and operated by DeeSha, a technology consulting firm founded in 2019 by Deepak Battini and based in Adelaide, Australia. DeeSha serves clients across four continents and has built 11 products. This policy covers both the marketing site (qu-academy.com) and the learning platform and API (platform.qu-academy.com).

When we say "we", "us" or "Quantum Academy" in this policy, we mean DeeSha as the operator of the service. By creating an account or using the platform, you agree to the practices described here.

2. What we collect

We only collect data that serves a clear purpose. Here is the full picture, grouped by type:

• Account data — your name, email address, and the profile information we receive when you sign in through an OAuth provider (for example, Google or GitHub). This is what identifies you on the platform.
• Learning data — your lesson progress, quiz scores, XP, streaks, achievements, and completion certificates. This is what lets us track how you are doing and prove what you have learned.
• Your creations — the circuits, programs, simulation runs, and hardware jobs you build and submit. These are your work; we store them so you can return to them and so we can run them for you.
• Billing data — records of plan purchases, invoices, and the hardware-credit ledger (credits are tracked as integer millicredits). Card details never touch our servers — they go directly to Stripe, our payment processor.
• Operational records — security audit logs and daily-usage counters used to enforce plan limits and keep the service safe and reliable.
• Contact messages — anything you send us through the contact form or by email. We store the submitter's IP address (from the cf-connecting-ip header) solely for investigating spam and abuse.

3. How we use it

We use the data above for specific, limited reasons:

• To provide the service — running lessons, simulators, and the circuit builder.
• To track your progress, award XP, streaks, achievements, and issue certificates.
• To enforce plan limits using daily-usage counters, fairly and transparently.
• To process payments through Stripe and maintain your credit ledger for hardware jobs.
• To keep the service secure — audit logs, abuse investigation, and rate limiting.
• To support you — replying to contact messages and resolving issues.
• To improve the product — understanding what works and fixing what does not, in aggregate.

We do not use your personal data to build advertising profiles, and we do not sell it. Tutor conversations may be processed by our AI provider to generate responses, as described in section 6.

4. Legal bases

Where privacy law asks us to name a legal basis for handling your data, we rely on a combination of:

• Your consent — for example, when you choose to share a profile or submit a contact message.
• Performing our contract with you — running the lessons, simulators, and certificate issuance you signed up for.
• Our legitimate interests — keeping the service secure, preventing abuse, and improving the product, balanced against your rights.
• Legal obligations — where we are required to keep records or respond to lawful requests.

You can ask us which basis applies to any specific use of your data at any time.

5. Cookies & local storage

We keep browser storage deliberately small:

• Session cookie — a single authentication cookie that keeps you signed in. Authentication is handled with better-auth on top of Neon PostgreSQL.
• Local storage — used for editor buffers, draft circuits, and UI preferences (such as theme or layout). This lives in your browser and is cleared when you clear site data.

We do not use third-party advertising or tracking cookies. There are no ad networks, no cross-site trackers, and no analytics that follow you around the web. The Cloudflare global network may set standard technical cookies required to serve traffic securely.

6. Third-party processors

To deliver the service we rely on a small set of trusted processors. Each handles only what is needed for its job:

• Stripe — payment processing. Stripe handles your card details directly; we only receive confirmation of the transaction and store invoices.
• AI providers — when you message the AI tutor, your message is sent to the configured model provider to generate a response.
• Quantum hardware providers — when you run a job on real hardware (for example IBM or IonQ), your circuit is sent to that provider. See section 7.
• Cloud infrastructure — Cloudflare Workers, Cloudflare R2 and KV, and Neon PostgreSQL host and move the service. Authentication is handled by better-auth on top of Neon.

Each processor is bound by its own terms and is used only for the purpose described. We do not grant any third party broad access to your data.

7. Submitting circuits to real quantum hardware

One of the most powerful things you can do on Quantum Academy is run your circuit on real quantum hardware from providers such as IBM and IonQ, on a pay-per-use basis funded by your prepaid hardware credits.

When you submit such a job, your circuit leaves our systems and is transmitted to the third-party hardware provider so they can execute it on their quantum processor and return the results. That provider processes your circuit under its own terms and policies.

8. Data retention

We keep your data while your account is active and for as long as reasonably needed afterwards to fulfil the purposes described in this policy, comply with our legal obligations, resolve disputes, and enforce our agreements.

• Active accounts — your learning data, creations, and certificates stay for as long as you use the platform.
• Closed accounts — we retain records such as invoices and audit logs as needed for accounting, tax, and security, then delete or anonymise them.
• Contact messages — kept for as long as needed to resolve the issue and investigate abuse, then removed.

You can request deletion of your account and associated personal data at any time through /contact. We will act on verified requests, subject to any legal retention requirements.

9. Your rights

Depending on where you live, you may have the right to:

• Access the personal data we hold about you.
• Correct data that is inaccurate or incomplete.
• Delete your data, subject to legal retention duties.
• Export a portable copy of your data (data portability).
• Withdraw consent where we rely on it, without affecting processing already carried out.
• Object to certain processing based on legitimate interests.

To exercise any of these rights, email us via /contact. We will respond within a reasonable timeframe and may ask for information to verify your identity.

As an Australian operator, we handle personal information in line with the Australian Privacy Principles (APPs). If you are in the EU, the UK, or another jurisdiction with comparable law, the GDPR or your local equivalent applies, and you may have the right to lodge a complaint with your data protection authority.

10. Security

We take reasonable measures to protect your data: encryption in transit (TLS), a managed PostgreSQL database on Neon, and the Cloudflare platform for delivery, edge security, and DDoS protection. Authentication is handled by better-auth, and access to production systems is tightly controlled.

No system is 100% secure. We cannot guarantee absolute security, but we work to make Quantum Academy as safe as reasonably possible and to respond quickly if an issue is found. If you believe you have found a vulnerability, please use the Security / Privacy category on the contact page rather than posting details publicly.

11. International transfers

Quantum Academy runs on a global stack. Traffic is delivered across the Cloudflare global network, data is stored on Neon PostgreSQL, and some of our processors (for example Stripe and several AI and hardware providers) are based in the United States. This means your data may be processed outside the country where you live.

Where this happens, we rely on the safeguards provided by those processors and applicable transfer mechanisms to keep your data protected to a comparable standard.

12. Children's privacy

Quantum Academy is not directed at children under 16, and we do not knowingly collect personal data from anyone under 16. If you believe a minor has provided us with personal data, please contact us via /contact and we will take steps to delete it.

13. Changes to this policy

We may update this policy from time to time to reflect changes in the service, the law, or our practices. When we do, we will revise the "Last updated" date at the top of this page. For significant changes we will aim to give you notice, for example through the platform or by email. Continued use of Quantum Academy after a change takes effect means you accept the updated policy.

14. Questions?

Privacy is a conversation, not a one-way document. If anything here is unclear, or you want to exercise a right under section 9, the fastest way is our contact page — pick the Security / Privacy category and we will route it to the right person. You can also reach the team behind Quantum Academy via deesha.tech.