Like for any website, for every visited page, the server delivering the web pages records user data in so-called log files:

• IP address
• Visited page
• Time of visit

Technically, the IP addresses and times of visit allow to identify any web user. Quant Castle does not make that step. The web server logs are not exploited for any business analytical or analytical purpose. The entries are only used for periodically checking that the web server runs error-free. The logs may also be used to investigate suspect behaviors such hacking attempts, spams etc.

Both anonymous user's Internet Service Provider and Quant Castle's host, Amazon Web Services, record similar data. They may keep these on the long-term, share them and sell them to make profits. Browsing the web in Private / Incognito windows and using https do not increase your privacy in that respect.

The anonymous visitor who is concerned by server logging is advised to use a VPN. For a limited usage Opera offers an embedded free VPN. For specific applications Tor is also free. For a daily usage, inexpensive solutions, often sold together with password managers and secure clouds, accepting cryptocurrencies, such as NordVPN, are recommended.

Though Quant Castle will process all the requests submitted to delete IP addresses from its own logs. Such requests can be submitted to info@quantcastle.io.

Cookies are records left by the web page (possibly by a technical service provider of the website) in the user web browser, unless explicitly blocked. They persist until the next visit, unless explicitly deleted. They can be consulted by the originating website as well as by other websites.

Quant Castle does not issue own cookies and does not read cookies that may potentially about the the anonymous user.

Quant Castle makes use of technical service providers to supports the web functionalities, who store cookies under the quantcastle.io domain.

The technical service provider of the chat widget is Chaty. If the anonymous user does not use the widget, the cookies are limited to the ones placed by Chaty. By default, Chaty deposits the following 5 functional cookies in the client's browser, expiring after a period of 1 year:

If the anonymous visitor makes use the chat widget, additional cookies may be placed by the solicited services, currently WhatsApp, Line, LinkedIn end Skype. Quant Castle does not have access to the personal data introduced in the web browser when starting a conversation through the widget.

Quant Castle does not use, process, share or sell any anonymous user data that could be derived from cookie inspection. Quant Castle receives a dashboard from Chaty summarizing to the usage of the chat widget. Through Chaty, Quant Castle has access to aggregated anonymous statistics:

• Number of unique visitors on quantcastle.io (cookie-based)
• Number of clicks on the chat widget
• Type of device

These are provided to Quant Castle under the form of the following dashboard:

When using one of the available communication channels the specific privacy policy of that communication channel applies.

Although Quant Castle does not make use of tracking and marketing cookies, the anonymous visitor concerned by the cookies is very welcome to adjust the web browser settings to its desired privacy level. All the web browsers offer varieties of options.

Quant Castle does not make use of third-party cookies.

Like cookies, site data are data deposited by the web page in the web browser. Nonetheless, unlike cookies, they are only visible and editable by the originating web site.

Quant Castle does not make use of site data.

Like with cookies, technical service providers may read and record site data under quantcastle.io name. Chaty stores its session id's in quantcastle.io site data.

Site data can be consulted thanks to appropriate browser extensions.

Chaty uses site data on behalf of quantcastle.io to determine the number of unique visitors for billing information.

Site data can be automatically deleted at the end of the visit in Private / Incognito windows of when closing the browser, exactly like cookies.

Digital fingerprints are unique combinations of browser and device parameters aimed at identifying the visitor. More information about digital fingerprints can be found on https://www.amiunique.org.

Quant Castle does not make use of such techniques, or any other technique aimed at identifying the anonymous visitor.

Quant Castle's website makes use of reputed vendor javascripts:

• Bootstrap
• JQuery
• Typed.js
• SimpleLightbox
• Select2
• intl-tel-input
• Font awesome
• Pdf.js

These scripts are widely used. However, by running code, they can technically place cookies and collect information. Quant Castle is transparent and is not involved in such technically possible activites.

Quant Castle makes use of HTTPS encryption on the on quantcastle.io domain. The encryption system used is asymmetric cryptography, with an elliptic key of 348 bits (equivalent to a 6980-bit RSA key).

The anonymous visitor must be aware that HTTPS encryption does not make any difference when browsing the web anonymously. The URL's remain not encrypted when using HTTPS, allowing network intermediates to track the visitors. The visited pages can be consulted by anyone who possesses their URL's. HTTPS encryption becomes useful when filling in forms, uploading files, exchanging credentials, chatting etc.

Using a VPN adds an extra encryption layer, which includes coding URL's. Internet Service Providers will not be able to record the visited pages.

Secure Send is a tool developed by Quant Castle to submit work packages over HTTPS. Secure Send enforces end-to-end encryption as an alternative to attachments hoping from mail server to mail server. The content is protected by Quant Castle's 348-bit elliptic key (equivalent to a 6980-bit RSA key).

Secure Send requires an ongoing project with Quant Castle to submit a file. The Project Id must be mentioned. Quant Castle associates the provided data to a submission:

• Sender e-mail
• Project Id
• File attached

The hCatptcha service is used for human verification. Quant Castle does not have access to the data collected by hCatptcha.

Quant Castle's website offer the possibility for fellows to register. The data provided by the registered users are solely used to contact these to offer job opportunities. The collected data are not shared or sold.

The provided data will be stored in Quant Castle's database:

• E-mail
• First name
• Last name
• Sex
• Date of birth
• Nationality
• Main university
• Second university
• Diploma
• Graduation date
• Mobile number (optional)
• Web site (optional)
• Contact method
• Password (submitted over HTTPS and stored one-way encrypted)

The hCatptcha service is used for human verification. Quant Castle does not have access to the data collected by hCatptcha.

To provide a seamless experience the optional phone number is prefilled with the country code linked to the user's IP address. To determine the country code, the user's browser queries https://ipapi.co thanks to a javascript running into the registration form. Quant Castle's server is not involved in the geolocalisation process and does not store any resulting data. If the country code is not updated into a mobile number by the user, Quant Castle disregards the country code and stores an empty phone number instead.

The stored data can be amended anytime in the Credentials and Profile pages.

Quant Castle does not keep the prior versions of the modified data.

The user profile can be deleted in the Profile page in the Account section.

As a precaution against mistakes and fraud, Quant Castle operates a soft delete when clicking on the Delete button, meaning that the data remain in the database but are not accessible anymore online. The user records are destroyed by a shredding script after 30 days.

The user is tracked by means of a so called CSRF (Cross-Site Request Forgery) token insereted by Quant Castle's server in the HTML code from the first visited pages. When the user logs in, a session is attached to the token on the server side. The CSRF tokens and sessions expire after 2h of inactivity.

The registered used has the possibility, but the not obligation, to upload a resume, thesis, picture and other relevant documents. The attachments are destroyed without any remaining copy saved when clicking on the garbage button of the Attachments page.

In case of soft delete of the profile, the existing attachments will be deleted after 30 days by the shredding script.