Data Processing Agreement

Last Updated: December 31, 2025

This Data Processing Agreement ("DPA") is an integral part of the QuantPillar Terms of Service. It outlines the legal framework for the processing of Personal Data by QuantPillar Inc. ("Processor") on behalf of our Clients ("Controller").

1. Regulatory Compliance

This DPA is designed to ensure compliance with global data protection laws, including:

  • GDPR: General Data Protection Regulation (EU/UK).
  • CCPA/CPRA: California Consumer Privacy Act.
  • PIPEDA: Personal Information Protection and Electronic Documents Act (Canada).

2. Processing Scope

2.1 Subject Matter: The processing of data required to provide QuantCore, QuantVal, and QuantTerminal services, including financial analysis, valuation reporting, and market intelligence.

2.2 Nature & Purpose: Storage, computation, analysis, and reporting of data to fulfill the obligations under the Terms of Service.

2.3 Categories of Data: Employee data (for Cap Tables), Shareholder data, Director/Officer information, and financial records.

3. Processor Obligations

QuantPillar commits to:

  • Instructions: Process Personal Data only on documented instructions from the Controller.
  • Confidentiality: Ensure all personnel authorized to process data are bound by strict confidentiality agreements.
  • Security: Implement industry-standard technical and organizational measures (TOMs) to secure data.
  • Breach Notification: Notify the Controller without undue delay (within 72 hours) after becoming aware of a Personal Data Breach.

4. Sub-processing

The Controller authorizes QuantPillar to engage third-party sub-processors (e.g., cloud hosting, payment processing) to support service delivery. QuantPillar remains fully liable for the performance of its sub-processors and ensures they meet equivalent security standards.

5. Audit Rights

To demonstrate compliance, QuantPillar will provide, upon written request, copies of relevant third-party security certifications (e.g., SOC 2 Type II report) and answer reasonable security questionnaires from the Controller.

6. International Transfers

For data transfers originating from the EEA/UK to countries not deemed adequate, the parties agree to rely on Standard Contractual Clauses (SCCs) to ensure lawful transfer.

7. Contact

For DPA-related inquiries:

QuantPillar Legal Compliance
Email: hello@quantpillar.com