Request Demo

Privacy Notice

Last updated: April 19, 2026

Contents

1. Introduction

Quantum Risk Systems, Inc. (“QRS,” “we,” “us,” or “our”) provides catastrophe-risk analytics to insurers and reinsurers. This Privacy Notice describes how we collect, use, share, and protect personal information when you visit our website (qrsrisk.com) , contact us, or engage with our services. This Notice does not cover information that our customers upload and process through the QRS platform. In that context, our customers are the controller (or equivalent) of that data and their own privacy notices govern. QRS acts as a service provider or processor for that data under our customer contracts.

2. Information We Collect

2.1 Information you give us

  • Contact details you provide (name, business email, phone, company) when you request information, sign up for a demo, or enter a contract with us.
  • Account information (login credentials, role, preferences) if you use the QRS platform.
  • Communications with us (email, support tickets, call notes).
  • Payment and billing information our customers provide to pay us (handled by our payment processor).

2.2 Information collected automatically

  • Log data (IP address, user-agent, request times, pages viewed) from our website and platform.
  • Cookies and similar technologies for website analytics and to keep users logged in. See the Cookies section below.
  • Device and usage information for product telemetry, subject to configuration in the QRS platform.

2.3 Information from third parties

  • Publicly available business contact information (for sales outreach).
  • Authentication information from identity providers used for SSO (e.g., Google).

3. How We Use Information

  • To provide, support, and improve our services to customers.
  • To communicate about our services, respond to inquiries, and send operational and security notices.
  • For marketing to business contacts about our services (you can opt out at any time).
  • To detect and prevent fraud, abuse, or security incidents.
  • To comply with legal obligations (tax, accounting, and other required record-keeping).

4. Legal Bases (GDPR / UK GDPR)

Where the EU or UK GDPR applies, we rely on one or more of the following legal bases: performance of a contract; our legitimate interests (in running, securing, and growing our business); compliance with legal obligations; and, where required, consent.

5. How We Share Information

  • Service providers: we use third-party vendors (cloud infrastructure, authentication, email, analytics, customer support, legal, accounting) under written agreements that require them to protect the information and use it only as instructed.
  • Our customers: if you are an authorized user of a customer account, we may share your usage data with that customer.
  • Legal and safety: we may share information as required by law, to comply with legal process, to protect the rights, property, or safety of QRS, our customers, or others, and to enforce our agreements.
  • Business transfers: in the event of a merger, acquisition, or sale of assets, information may be transferred as part of that transaction, subject to standard confidentiality protections.
We do not sell personal information for cash. We do not share personal information with third parties for their independent advertising uses.

6. International Transfers

QRS is headquartered in the United States and stores and processes information in the United States. If you are located in the European Economic Area, the United Kingdom, or another jurisdiction that regulates international data transfers, we transfer your information under the applicable legal mechanism (for example, Standard Contractual Clauses, or an adequacy decision where available).

7. Retention

We retain personal information only as long as needed to provide our services and to meet our legal and contractual obligations. Retention periods for different categories are described in our internal Data Retention Policy; in most cases, we retain business contact information until you opt out, support communications for up to three years, and customer records for up to seven years after contract end.

8. Your Rights

Depending on where you are located, you may have rights to:

  • Access the personal information we hold about you.
  • Correct inaccurate personal information.
  • Delete personal information in certain circumstances.
  • Restrict or object to certain processing.
  • Port your personal information to another service.
  • Withdraw consent where we rely on consent.
  • Lodge a complaint with a data protection authority.

To exercise any of these rights, email privacy@qrsrisk.com . We will respond within the time required by applicable law (typically 30 days under GDPR; 45 days under CCPA). If you are a user of a customer account, we may direct your request to that customer.

9. California Privacy Rights

Under the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA), California residents have the rights listed in Section 8, plus the right to opt out of the sale or sharing of personal information. QRS does not sell personal information and does not share personal information for cross-context behavioral advertising. If you are a California resident and would like to exercise any right, email privacy@qrsrisk.com

10. Security

QRS maintains administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit and at rest, access controls, monitoring, and workforce training. No method of transmission or storage is 100% secure; please let us know if you believe there has been a security problem.

11. Cookies

Our website uses a small number of cookies to keep the site functioning, understand how it is used, and remember preferences. You can disable cookies through your browser settings, though some site features may not work as a result. A current list of cookies we use is available in our Cookie Notice

12. Children

Our services are intended for use by businesses, not children. We do not knowingly collect personal information from anyone under the age of 16.

13. Changes to This Notice

We may update this Notice from time to time. When we make material changes, we will update the date above and, where appropriate, provide additional notice (for example, by posting on our website or emailing you). We encourage you to review this Notice periodically.

14. Contact Us

Quantum Risk Systems, Inc.
Attn: Privacy
privacy@qrsrisk.com
7688 Saint Patrick Way, Suite 4027
Dublin, CA 94568

If you are in the EEA or UK and would like to contact us about this Notice, please use the email address above.

For more information about how we use cookies, please visit our