Privacy Policy

This page describes what data Quantcents Blog collects, why we collect it, and how we handle it. We try to keep this short and honest. As a Data Fiduciary under India's Digital Personal Data Protection Act 2023, the notice below also covers our DPDP-mandated disclosures.

Notice under DPDP Act 2023, s. 5

Identity of Data Fiduciary: Kunal Agarwal, operating Quantcents Blog at blog.quantcents.com.

Categories of personal data collected: email address (newsletter), Cognito user ID and Google profile (sign-in), comment text, IP address (rate-limit and abuse), device/browser metadata (analytics).

Purpose of processing: deliver the newsletter, enable comments, prevent abuse, measure which posts get read.

Your rights under DPDP: access, correction, erasure, grievance redressal, and the right to complain to the Data Protection Board of India.

Data retention: newsletter subscribers — until you unsubscribe; comments — 24 months from posting, or until you request deletion; PostHog analytics — 13 months; session cookies — 7 days.

Children: the blog is not intended for users under 18. We do not knowingly collect data from minors. If you are under 18, do not sign in or subscribe.

Grievance Officer

Per DPDP Act 2023 s. 13 and IT Act 2000 s. 79 + Intermediary Rules 2021/2023:

• Name: Kunal Agarwal
• Email: research@quantcents.com
• Acknowledgement: within 24 hours of receipt
• Resolution: within 7 days for DPDP grievances; within 15 days for content-takedown grievances; within 36 hours for court or government takedown orders

Cookie consent

We show a consent banner on your first visit. Analytics cookies (PostHog, Vercel Analytics) only load if you click Accept. Essential cookies for sign-in (qc_session, qc_oauth_pending) and the consent record itself (qc_consent_v1) are always set — they are necessary for the site to function. You can change your choice anytime by clearing the qc_consent_v1 entry in your browser's localStorage.

What we collect

Newsletter signups

When you subscribe to the newsletter, we store your email address and the source you signed up from (e.g., post-rail, footer). We use this only to send you the newsletter.

Sign-in & comments

Sign-in is via Google OAuth, mediated through AWS Cognito. When you sign in, we receive your email address and public Google profile (display name, profile picture). We store a session cookie containing those identity claims — signed but not encrypted, no third-party tokens. The session cookie is HTTP-only, same-site, secure in production, and expires in 7 days.

When you post a comment, we store your Cognito user ID (sub), display name, and the comment text. Comments are moderated by the blog operator and may be hidden if they violate community standards.

Analytics

We use PostHog for product analytics. PostHog captures anonymous pageviews, scroll-depth events, and click events. If you sign in, PostHog associates your activity with your Cognito user ID. We do not sell or share your analytics data.

We also use Vercel Analytics, which captures basic anonymized performance and Web Vitals metrics.

UTM parameters in URLs (e.g. utm_source=linkedin) are captured to attribute traffic to the right campaign. We don't use third-party advertising trackers, retargeting pixels, or data-broker integrations.

Cookies we set

• qc_session — your sign-in session (7-day expiry, HTTP-only).
• qc_oauth_pending — short-lived (10-minute) state for the Cognito sign-in handshake.
• PostHog cookies — anonymous device/session identifiers used by PostHog analytics.

What we don't collect

• Payment information (we don't take payments).
• Phone numbers, addresses, government IDs, or financial-statement data.
• Information from any third-party data broker.

How we share data

We don't sell or rent your data to anyone. We use these processors as part of running the blog:

• Vercel — hosts the site and runs serverless functions.
• AWS Cognito — handles sign-in flow and identity tokens.
• Google — when you sign in via Google OAuth.
• PostHog — analytics.
• An email service provider — when the daily brief launches, we will name the processor here before any email is sent. We do not currently send any emails.

Your rights

Email research@quantcents.com if you want to:

• Unsubscribe from the newsletter (every email also has an unsubscribe link).
• Delete your comments or your account.
• Request a copy of all data we hold about you.

We'll respond within 7 days.

Changes to this policy

We'll update the “Last updated” date at the top when this page changes. Material changes will be announced in the newsletter.