Science & Data
Data & Security
Your fund data is the most sensitive information in your organization. We built QFT with that assumption from day one. This page explains what happens with your data, how it is protected, and what we will never do with it.
Your data stays yours
All data you upload to QFT is treated as Confidential Information under our User Agreement. This includes financial data, investment data, track records, fund documents, and any other information you provide.
Confidentiality obligations continue for three years after termination of the agreement. Your data is never sold, redistributed, or shared with other clients.
The short version
Your identifiable data is used exclusively for your analytics. It is not shared with other clients or third parties. Anonymized and aggregated market data (performance patterns, cash flow trends) contributes to improving our benchmarks and algorithms, similar to how providers like Burgiss or Preqin operate. This is contractually defined and excludes anything specific to you as a client.
AI and your data
QFT uses AI for data extraction, analytics interaction, and report generation. This raises a natural question: does the AI learn from my data?
The answer is clearly defined in our User Agreement:
What AI can use
Anonymous, aggregated market data
Fund manager investment and market data (e.g. performance patterns, cash flow trends) may be used to improve the platform, benchmarks, and algorithms, but only after permanent anonymization and aggregation. No individual client data. No personal data.
What AI cannot use
Anything specific to you
Your proprietary strategies, asset allocation decisions, internal procedures, financial performance, individual fund selections, and business opportunities are explicitly excluded from any AI processing beyond your own session.
This is not a policy decision that could change. It is a contractual obligation in our User Agreement, enforceable under German and EU law.
GDPR compliance
QFT is designed and built to comply with the General Data Protection Regulation (EU) 2016/679 . We apply GDPR protections to all users and all data processing activities in accordance with German and EU law.
What this means in practice
Data minimization: We collect and process only what is necessary for the services you use. Nothing more.
Purpose limitation: Your data is used only for the purposes specified in the agreement. No secondary use, no data monetization.
Data subject rights: Full support for GDPR Articles 15-22: right to access, rectification, erasure, restriction, portability, and objection. We honor all verifiable data subject requests.
Processing on your instructions: As a processor under GDPR Article 28, QFT processes personal data solely on your documented instructions.
Information security
QFT maintains technical and organizational measures consistent with industry standards for SaaS platforms and GDPR Article 32 requirements:
Access control
Role-based access restrictions and multi-factor authentication for all administrative systems. Your data is accessible only to authorized personnel.
Encryption
Encrypted transmission (TLS) and secure storage using reputable cloud service providers. Data at rest and in transit is protected.
Continuity
Routine data backup and business continuity procedures. Regular security patches and infrastructure updates.
Incident response
Security incidents reported to you without undue delay. Notification to the competent data protection authority within 72 hours where required by GDPR Article 33.
Where your data lives
QFT is a German company. Our infrastructure is hosted on European servers . Your fund data does not leave the EU, not through our platform and not through our AI processing.
The supervisory authority for data protection is the Bavarian State Data Protection Commissioner (Bayerisches Landesamt für Datenschutzaufsicht).
NDA and onboarding
Before any data upload, every client signs an NDA and User Agreement. The agreement covers confidentiality, data processing, AI governance, intellectual property, and security controls. It is governed by German law.
If your compliance team needs to review the agreement before you start, we can provide it in advance. Just reach out.
For your compliance team
This page summarizes the data governance framework described in our EU User Agreement. The full legal text, including the Data Protection Addendum, is available upon request or upon sign-up. If your organization requires a vendor security questionnaire or specific certifications, we are happy to cooperate.
Questions about data security?
We are happy to walk your compliance team through our setup.
Contact Us