Privacy Policy.

LAST UPDATED · APRIL 2026

Quintara Reports (“Quintara,” “we”) processes personal data in accordance with the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). This policy explains what we collect, why, and what rights you have.

1. Data we collect

When you order a report or request our sample, we collect:

• Contact data: name (if provided), email address, optional PGP public key.
• Order data: the report type you selected, the company one-liner, and the question paragraph you submitted.
• Billing data: company name, address, and VAT number (collected only after scope confirmation, for invoicing).
• Technical data: IP address (hashed at request time), user agent, and referrer, recorded only for anti-fraud logs and retained for 30 days.

2. Analytics

We use Plausible Analytics by default — a privacy-first analytics tool that does not set cookies and does not collect personal data. No consent is required for Plausible under GDPR. If you accept the cookie banner, we additionally load Google Analytics 4 and Microsoft Clarity for richer product analytics. You can withdraw consent at any time via your browser’s site data controls.

3. Why we process data

• To deliver your report and communicate about scope (legal basis: contract).
• To send transactional emails (legal basis: contract).
• To send our monthly “field notes” (legal basis: explicit opt-in consent — unsubscribe in one click).
• To prevent fraud and maintain service security (legal basis: legitimate interest).
• To comply with tax and accounting obligations (legal basis: legal obligation).

4. Sub-processors

We share personal data only with the following sub-processors, all subject to a Data Processing Agreement:

• Neon (Postgres database, EU region) — order and email storage.
• Resend (transactional email, EU region) — delivery of confirmations and reports.
• Cloudflare (CDN + Turnstile anti-spam) — request routing.
• Vercel (hosting, EU region) — site delivery.
• Plausible (analytics, EU region) — privacy-first product analytics.

5. Retention

• Order records & invoices: 7 years (Dutch tax law).
• Sample requests & newsletter subscribers: until you unsubscribe.
• Anti-fraud logs: 30 days.

6. Your rights (GDPR / CCPA)

You have the right to:

• Access the personal data we hold about you.
• Request correction or deletion (right to be forgotten, subject to retention obligations).
• Restrict or object to processing.
• Receive your data in a portable format (JSON).
• Withdraw consent at any time.
• Lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

To exercise any of these rights, email contact@quintara-reports.com. We will respond within 30 days.

7. International transfers

All sub-processors store data within the EU/EEA. We do not transfer personal data to the United States or other third countries.

8. Children

Our service is intended for businesses. We do not knowingly collect data from children under 16. If you believe we have, contact us and we will delete it.

9. Changes

We will post material changes to this policy here and notify active clients by email.