EN|FREN|FRLast updated: January 24, 2026
This Privacy Policy explains how Steve Gordon ("the Publisher", "we", "us") collects, uses, and protects your personal data when you use this website ("the Service").
The core Service is currently provided free of charge during early access. Additional features may be introduced as paid offerings in the future. We do not display ads or sell user data.
Note: Participation in the Partner Program is subject to fees. Please refer to the Terms of Use (Section 8.5) for details on Partner Program pricing.
Steve Gordon Email: contact@qubixor.com
Contact is by email only; no postal address is published. Under GDPR, Steve Gordon is the data controller.
2.1 Data You Provide – Email (for login), name (optional), answers to assessment questionnaires, e-Learning progress, text fields and inputs.
2.2 Data Collected Automatically – IP address (temporary, security only), device and browser information, technical logs, authentication session cookies (NextAuth).
2.3 Data Generated by the Service – Assessment scoring and results, generated web reports, path certificates (holder name, path title, issue date; verification pages are publicly accessible), summaries or analyses produced by AI, assessment history and e-Learning progress.
2.4 Partner Program Data – If you are approved for the Partner Program, the following will be publicly displayed: company name, contact name, contact email, organization type, country, spoken languages, expertise areas; optionally website URL and LinkedIn URL. This information is intentionally public so organizations can contact you. By participating you consent to this disclosure. You may revoke your partner status at any time from your profile.
We do not track users for advertising or analytics.
Your data is used strictly for: creating and managing accounts; running assessments and generating reports; delivering e-Learning and issuing certificates; providing access to secure areas; improving the Service; ensuring security and preventing fraud; managing the Partner Program (for partners: public display of contact information).
We do not sell your data, and we do not use it for marketing.
3.1 Use of your assessment data – Your questionnaire answers and assessment data are used solely to generate and deliver your report and related services. E-Learning progress and path certificates are used solely to deliver e-Learning and issue certificates; certificate verification is public via a short link. We do not sell your personal data or raw assessment content to third parties.
Benchmarks and analyses – We use aggregated and anonymized data (e.g. by industry, company size, or region) to produce benchmarks on post-quantum maturity. These insights do not identify you or your organisation. By using our service, you accept that your data can contribute to such aggregated, anonymized outputs.
Your data may be processed by essential infrastructure providers:
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Database & authentication | EU |
| Vercel | Hosting of frontend & API routes | USA |
| Resend | Transactional emails | USA |
| Cloudflare | DNS & security | USA |
| Self-hosted AI infrastructure | AI scoring & report generation | Private infrastructure (EU-based) |
Sensitive data (reports, assessment data, e-Learning progress and certificates) are stored in the EU (Supabase).
Private AI Processing – Your data is never sent to commercial AI providers (OpenAI, Microsoft, Google, Meta, Anthropic, or others). All AI processing is performed using self-hosted AI infrastructure on private servers. AI models do not learn from your data.
Data Processing Agreements (DPA) – Providers act as data processors on our behalf, contractually bound to comply with GDPR, located in the EU/EEA or certified under appropriate safeguards (e.g. Standard Contractual Clauses).
We retain personal data only for the time necessary to fulfill the purposes for which it was collected, in accordance with GDPR:
| Type of Data | Retention Period | Reason |
|---|---|---|
| Email account | As long as account is active | Service functionality |
| Assessment texts and responses | Until deletion by user | Service operation |
| Technical logs | 30 days | Security |
| Anonymized usage data | Indefinitely (until account deletion, then removed) | Benchmarking and service improvement |
You may request full data deletion at any time by contacting us at contact@qubixor.com.
No system is perfectly secure, but we follow industry best practices.
Some technical providers are located in the United States (Vercel, Cloudflare, Resend). They rely on appropriate GDPR safeguards (SCCs, DPA agreements).
Sensitive data (reports, assessment data, e-Learning progress and certificates) are stored in the EU (Supabase).
You may exercise at any time: Access – request a copy of your personal data; Rectification – correct inaccurate data; Erasure – request deletion; Data portability – receive your data in a structured format; Restriction of processing; Objection; Withdrawal of consent.
You can download all your personal data from your account settings (Dashboard → Profile → Export Your Data) as a JSON file containing account information, profile data, assessments and responses, reports, e-Learning progress and certificates, notifications.
To exercise these rights, use the self-service options in your account or contact contact@qubixor.com.
AI models are used to: analyze written answers, score assessment responses, summarize content, generate web reports. Processing is performed locally via self-hosted infrastructure. We do not use your data to train AI models.
The Service uses only essential technical cookies for authentication. No tracking, advertising, or analytics cookies.
We may update this policy when required. Users will be informed of major changes.
For any question regarding privacy:
contact@qubixor.com