Version 1.0 — Effective Date: March 14, 2026
Northbeam Solutions LLC ("Company," "we," "us," or "our"), located at 8 The Green Ste B, Dover, DE 19901, operates the QAE Safety Kernel API and QAE-FinRisk API (collectively, the "Services") and the developer portal at https://api.qaesubstrate.com (the "Portal").
This Privacy Policy describes how we collect, use, store, and protect your personal information when you use our Services and Portal. By using our Services, you agree to the practices described in this policy.
Our APIs are stateless certification engines. We do not collect or store portfolio contents, market data inputs, action parameters, state deltas, or certificates issued by the API. All input data is processed in memory and discarded when the response is returned.
| Purpose | Legal Basis (GDPR) |
|---|---|
| Provide and operate the Services | Performance of contract |
| Authenticate your identity and manage your account | Performance of contract |
| Process payments (via Stripe) | Performance of contract |
| Send transactional emails (account confirmation, usage alerts) | Performance of contract |
| Send onboarding and product update emails | Legitimate interest |
| Monitor and enforce rate limits and usage quotas | Legitimate interest |
| Analyze aggregate usage patterns to improve the Services | Legitimate interest |
| Comply with legal obligations | Legal obligation |
We do not sell your data, use it for advertising, train machine learning models with it, or use it for profiling or automated decision-making that produces legal effects.
| Data Type | Retention Period |
|---|---|
| Account data (email, hashed API keys) | Until you request deletion |
| API usage logs (aggregate metrics) | 90 days, then automatically purged |
| Payment records | As required by tax law (typically 7 years), managed by Stripe |
| Transactional email records | 90 days |
| Support correspondence | 1 year after resolution |
We do not sell, rent, or trade your personal information. We share data only with the following third-party processors:
Stripe processes all payment transactions on our behalf. See the Stripe Privacy Policy.
Resend delivers transactional and product emails on our behalf. See the Resend Privacy Policy.
We may disclose your information if required by law, court order, or governmental request, or to protect our rights, your safety, or the safety of others.
The Portal uses no tracking cookies, advertising cookies, or third-party analytics cookies.
The only client-side storage used is browser local storage for JWT session tokens and API keys for Portal authentication. You can clear this data at any time by logging out or clearing your browser's local storage.
If you are located in the European Economic Area, you have the following rights:
You may request a copy of the personal data we hold about you. We will respond within 30 days.
You may request correction of inaccurate personal data through the Portal or by contacting us.
You may request deletion of your personal data. We will delete your account, revoke API keys, remove your email from all mailing lists, and purge usage logs within 30 days.
You may receive your personal data in a structured, machine-readable format (JSON), including account information and aggregate usage statistics.
You may request that we limit how we process your data while addressing a concern you have raised.
You may object to processing based on legitimate interests. To opt out of product update emails, use the unsubscribe link in any email or contact us.
Contact us at bill@northbeam.solutions. We will respond within 30 days and may request identity verification.
If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority.
You may request disclosure of the categories and specific pieces of personal information we collect, the purposes for collection, and the third parties with whom we share it.
You may request deletion of the personal information we have collected, subject to exceptions permitted by law.
We do not sell your personal information. We have not sold personal information in the preceding 12 months and have no plans to do so.
We will not discriminate against you for exercising any of your CCPA rights.
Contact us at bill@northbeam.solutions. We will verify your identity and respond within 45 days.
To request deletion of your personal data, email bill@northbeam.solutions with the subject line "Data Deletion Request" and include the email address associated with your account.
We will acknowledge your request within 5 business days and complete deletion within 30 days. Deletion is irreversible; all associated API keys will be revoked.
The Services are not directed at individuals under 18. We do not knowingly collect personal information from children.
If you access the Services from outside the United States, your data may be transferred to and processed in the United States. By using the Services, you consent to this transfer. We rely on Standard Contractual Clauses (SCCs) as approved by the European Commission for transfers of personal data from the EEA to the United States.
We may update this Privacy Policy from time to time. We will notify you of material changes by email and by posting a notice on the Portal. Your continued use of the Services after changes take effect constitutes acceptance of the updated policy. We encourage you to review this policy periodically.