Privacy Policy
Last updated: July 5, 2026
1Scope and who we are
This Privacy Policy explains how Soulquant, operated by Jules Ventures (a sole proprietorship of an individual operator based in Switzerland — see our Terms of Service for details), collects, uses, and protects information when you use the Soulquant platform (the "Service"). It applies to visitors of our website and to registered users of the Service.
2Data we collect
| Category | Examples | Why |
|---|---|---|
| Account data | Email address, hashed password or SSO identifier | Authentication, account recovery, notices |
| Exchange API credentials | API key + secret for your exchange account | To let your agent read data and place orders on your own exchange account — never for withdrawals |
| Configuration data | Your strategy text, risk settings, symbols traded | To run your agent the way you configured it |
| Trading & usage data | Trade history, run logs, agent decisions, token/compute usage, wallet balance | To run the Service, show you your dashboard, and bill for compute usage |
| Billing data | Payment method, billing address, transaction history | Processed by Stripe; we do not store full card numbers |
| Technical data | IP address, browser/device type, request logs | Security, abuse prevention, debugging |
| Support communications | Emails or messages you send us | To respond to you |
3How we handle your exchange keys
Exchange API credentials are encrypted at rest in a managed secrets vault. They are decrypted only in memory, only at the moment your agent runs, and only within the isolated process handling your run — never written to logs, never included in any AI model prompt beyond what's operationally required to place an order, and never visible to us in plaintext through any admin interface. We request only trade-and-read scoped permissions; we never ask for, and your keys should never be granted, withdrawal permission. Soulquant cannot move your funds off your exchange account under any circumstance available through the Service.
4How we use your data
- To provide, operate, and maintain the Service, including running your configured agent and executing orders you've authorized.
- To meter compute usage and bill your wallet or subscription accordingly.
- To communicate with you about your account, runs, trades, and material changes to the Service or these policies.
- To detect, prevent, and investigate fraud, abuse, or security incidents.
- To improve the Service — for example, understanding aggregate usage patterns. We do not use your individual strategy content or trade history to train models we sell or share, and we do not use it to trade for anyone but you.
5Subprocessors and third parties
We share the minimum data necessary with the following categories of service providers, each bound by their own data-processing terms:
- Payment processing — Stripe (billing, subscriptions, wallet top-ups). Stripe receives your payment details directly; we receive transaction confirmations and metadata, not full card numbers.
- Hosting infrastructure — our cloud/VPS provider(s) that run the application and database. They store encrypted data at rest and do not have application-level access to decrypted secrets.
- AI model providers — the LLM providers we route agent runs through (for example Anthropic, OpenAI, Google, or xAI, depending on the model selected for your system) receive the run context needed to generate a decision (market data, your strategy text, account state) but never your exchange API credentials. These providers may retain prompts/outputs subject to their own data-use terms; we select providers that offer commercial/API terms excluding training on your data where available.
- Exchange venues — the exchange(s) you connect (e.g. Bitunix) receive whatever an ordinary trading client sends them: orders, cancellations, and read requests, using your credentials, on your account.
We do not sell access to your data to any of the above, and we do not permit them to use it for purposes beyond providing their service to us.
6Retention and deletion
We retain account, configuration, and trading data for as long as your account is active, and for a reasonable period afterward to comply with legal, tax, and accounting obligations and to resolve disputes. You may request deletion of your account and associated personal data at any time by contacting us; exchange API keys are deleted from the vault immediately on account closure or on your request to disconnect an exchange. Some transaction records may be retained longer where required by applicable financial/tax law.
7International transfers
Because our infrastructure, payment processor, and AI model providers operate internationally, your data may be processed in countries outside your own, including outside Switzerland or the EU/EEA. Where required, we rely on appropriate safeguards (such as standard contractual clauses or equivalent mechanisms) for such transfers.
8Your rights (GDPR / Swiss FADP / CCPA)
Depending on where you live, you may have the right to: access the personal data we hold about you; request correction of inaccurate data; request deletion of your data; object to or restrict certain processing; request a portable copy of your data; and lodge a complaint with your local data protection authority. To exercise any of these rights, contact us at the address in Section 14 — we will respond within a reasonable time and, in any event, within the time required by applicable law.
9Cookies and tracking
Our marketing website does not currently use advertising or analytics cookies. The app itself uses strictly necessary session cookies/tokens to keep you logged in. If this changes — for example, if we add analytics — we will update this policy and, where required, request your consent.
10We do not sell your data
We do not sell, rent, or trade your personal data to third parties for their marketing purposes. Any sharing described in Section 5 is solely to operate the Service you asked us to provide.
11Security
We use encryption in transit and at rest for sensitive data (in particular exchange API credentials), role-based access controls, and per-tenant data isolation in our database. No system is perfectly secure, and we cannot guarantee absolute security; if we become aware of a breach affecting your personal data, we will notify you as required by applicable law.
12Children
The Service is not directed to, and must not be used by, anyone under 18. We do not knowingly collect personal data from children.
13Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be communicated to you (for example by email or in-app notice) before they take effect.
14Contact
For privacy questions or to exercise your rights, contact us at hello@julesventures.co.