Privacy

Your data stays
yours.

This page explains exactly what QuantAI stores, what the AI sees, and what never leaves your account — written for researchers and dissertation students, not lawyers.

Last updated: January 2026

The short version

→Your raw data file is encrypted and stored in a private bucket only your account can access.
→The AI (Claude) never sees your data — it only receives the computed statistics and variable names you assigned.
→No individual participant responses, PII, or identifiers are ever sent to any AI model.
→You can delete any dataset from your dashboard at any time. Deletion is immediate and permanent.
→We do not sell your data, share it with third parties, or use it to train AI models.

What we store

Account dataYour email address and encrypted password (or OAuth token), subscription status, and analysis count. Standard account data.

Uploaded filesYour data file is stored in a private Supabase Storage bucket. Each file path includes your user ID and a randomly generated UUID, making it unguessable. No other user can access your files.

Variable mapAfter upload, QuantAI records the column names and detected types (continuous, binary, ordinal, categorical) from your file. This is used to display the variable picker — it does not include the values in those columns.

Analysis recordsThe computed statistics from each analysis (test statistic, p-value, effect size, assumption flags) and the AI-generated narrative. These are the numbers — not the underlying data.

Row countThe number of rows in your uploaded file, used to display dataset size in your dashboard.

We do not store: individual participant responses, identified data, free-text open-ended responses, or any column values from your dataset beyond the column names.

What the AI sees

QuantAI uses Claude (Anthropic) to write the APA Results paragraph after your analysis runs. Here is exactly what is sent to Claude, and what is not.

Claude receives

✓The name of the statistical test run
✓The computed output: test statistic, degrees of freedom, p-value, effect size
✓The variable names you assigned (e.g., "anxiety_score", "group")
✓Assumption check results: flag name and green/yellow/red status
✓Whether any automatic correction was applied (e.g., Welch's)

Claude never receives

✕Your data file or any rows from it
✕Individual participant scores or responses
✕Any personally identifiable information
✕Demographic values, open-ended text, or IDs
✕Your email address or account details

Anthropic's API processes the request and returns the narrative text. Per Anthropic's enterprise data policy, API inputs are not used to train models. See anthropic.com/privacy.

Deleting your data

You can delete any dataset from your dashboard at any time. Deletion:

→Permanently removes the file from Supabase Storage
→Deletes the variable map and all analysis records associated with that dataset
→Cannot be undone — there is no trash or recovery
→Takes effect immediately

To delete your entire account and all associated data, email hello@quantai.study. We will process the request within 7 days.

IRB and research compliance

QuantAI is designed to be compatible with standard IRB data handling requirements for secondary analysis of existing datasets. The computational process is equivalent to running your data through SPSS or R locally — the statistics are computed on QuantAI's servers, and only the results are returned to you.

What to state in your IRB protocol or Methods section: Data were analyzed using QuantAI (quantai.study), which uses scipy.stats and statsmodels for statistical computation. Raw participant data was uploaded to a password-protected, encrypted cloud service for analysis and deleted upon completion. No identified data was processed by AI systems; only aggregate statistical results were passed to the AI narrative engine.

If your IRB requires that data never leave your institution's servers, QuantAI is not the right tool for that protocol. We recommend downloading your results immediately after each analysis and deleting the dataset from your dashboard.

Security

Encryption at rest

All files and database records are encrypted at rest using AES-256 via Supabase.

Encryption in transit

All connections use TLS 1.2+. Data is never transmitted in plaintext.

Private storage buckets

Files are stored in private Supabase buckets. There are no public URLs. Access requires a valid authenticated session.

Row-level security

Database queries are scoped to your user ID. No query can return another user's data.

Third-party payments

Payment processing is handled by Stripe. QuantAI never sees or stores your card number.

SOC 2 infrastructure

Supabase (database/storage) and Vercel (hosting) are both SOC 2 Type II compliant.

Third-party services

Service	Purpose	What they receive
Supabase	Database, authentication, file storage	Your account data and uploaded files (encrypted)
Anthropic	AI narrative generation	Computed statistics and variable names only — no raw data
Stripe	Payment processing	Payment details directly — QuantAI never sees your card
Vercel	Web hosting and edge functions	HTTP request logs (standard CDN data)
Resend	Transactional email (receipts, password reset)	Your email address and message content

Questions or concerns

If you have privacy questions, data deletion requests, or IRB compliance questions, email us at hello@quantai.study. We respond to all research inquiries within 24 hours.

Your data staysyours.