Privacy Policy

Last Updated: December 1, 2025

Summary

As an industry-leading CDN and Security Solution provider, Quantil (including its global affiliates, collectively “Quantil”, “we”, “our” and “us”) fully respects your privacy and is committed to protecting your personal data (otherwise known as personal information). This Privacy Policy applies to our CDN Pro product, a serverless Nginx platform @Edge, and any our official websites or portals that post a link to this document. Please make sure that you have fully read, understood, and consent with the terms of this Privacy Policy for CDN Pro before interacting with us.

This Privacy Policy describes how we collect, use, or otherwise process your personal data as a “controller” (i.e., we determine the purposes and means of the processing of personal data). This Privacy Policy does not apply to the processing of personal data as a processor (i.e., we process personal data on behalf of the controller). The details of our processing of personal data in the processor role are outlined in Quantil Data Processing Addendum.

1. What personal data we collect from you

Personal data means any information relating to you, the data subject, as an identified or identifiable natural person where an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

The personal data we collect depends upon the nature of your interaction with Quantil. Such interaction may occur when you browse our websites, make an enquiry on our websites, register an account with our websites, subscribe our services, download content from us, contact us when experiencing problems, or as you otherwise engage with Quantil.

In general, Quantil collects and processes relevant categories of personal data in connection with the following business operations:

(a) Website content provision: when you browse information and content on our websites, we may collect your Device and Behavior information.

(b) Services provision and improvement: depending on the service you use and your preferences, you may be asked to provide your Account Information, Contact Information, Payment Information, Device and Behavior Information, Service Operation Information.

(c) Promotional and marketing activities: depending on the setting of your preferences, you may be asked to provide your Contact Information, Device and Behavior Information.

(d) Request support: depending on your requests, inquires, suggestions, or the problems you encounter, you may be asked to provide your Account Information, Contact Information, Device and Behavior Information, Service Operation Information.

(e) Legal obligations performance: we will collect your personal data as required by applicable laws and regulations.

In any cases, Quantil shall collect your personal data within the minimum scope, and personal data will be processed by Quantil manually or by electronic means. The following sets out the specific types of personal data that different categories of personal data may contain.

• Account Information: this category of personal data may include your first and last name, user name, password and other similar security information for authentication and account access.
• Contact Information: this category of personal data may include your telephone number, email address, postal address, company name, job title and other similar contact information.
• Payment Information: this category of personal data may include your account name, payment result, transaction reference number and other similar payment-related information.
• Device and Behavior information: this category of personal data may include your device type, operating system, online identifier, IP address, geographic location, the domain name of your internet service provider and other similar information about the device you use and your interaction behavior with Quantil.
• Service Operation Information: this usually refers to log data, network traffic data and other data related to services/content delivery, which may include IP address, access record with time stamp, mouse clicks, etc. Such data involves extremely limited personal data, usually in the form of IP address.

2. Why we collect your personal data

We collect personal data from you for the following purposes:

(a) To enable you to access certain information or content of our websites;

(b) To enter into a contract with you or the entity you represent, or to perform the contract;

(c) To provide you with our services, online content and information;

(d) To contact you and send you notices related to the provision of our services;

(e) To respond to your requests, inquires and suggestions;

(f) To send you information about our products, activities and services that may interest you;

(g) To optimize our products and services, expand markets relationships and deepen business cooperation;

(h) To analyze the efficiency of your service operations, and provide you with customized services;

(i) To ensure the network security of our customers, users and ourselves;

(j) To comply with applicable laws and regulations, or respond to regulatory requirements; and

(k) For any other purposes which we may separately notify you and obtain your consent for.

We process your personal data on one or more of the following legal bases:

(a) When you have given consent to the processing of your personal data for one or more specific purposes;

(b) When processing is necessary for the performance of a contract to which you or a legal entity you represent is party or in order to take steps at your request prior to entering into a contract;

(c) When processing is necessary for compliance with our legal obligation;

(d) When processing is necessary in order to protect the public interest or the vital interests of you or another natural person;

(e) When processing is necessary for the legitimate interest pursued by Quantil or by third-parties as described in this Privacy Policy.

3. How we share your personal data

To fulfill the purposes outlined in Section 2, Quantil may share your personal data with the following categories of recipients under the circumstances described below:

Your organization

If your service account is provided or managed by your organization, we may share certain account-related data with your organization to enable it to administer, manage, and support the use of our services.

Third-party vendors

Certain features of Quantil’ services may be provided in whole or in part by third-party vendors directly. Specifically, we use Stripe as our third-party payment platform, and we use Google for hosting and database services. Third-party vendors may have their own separate privacy policies, which are not governed by this Privacy Policy.

Subcontractors

Under some circumstances, such as service provision, product optimization, request response, user experience enhancement, etc., we may use sub-processors to process your personal data on our behalf. In such cases, the purposes and means of personal data processing are determined by Quantil, and the sub-processors will only act in accordance with Quantil’ instructions. When sharing your personal data with our subcontractors, Quantil will seek reasonably appropriate protection measures, and we share it only if the recipient agrees to comply with this Privacy Policy or has adopted a substantially similar policy regarding the treatment of personal data. For more information, please see Sub-Processors.

Regulatory authority

We may have to share your personal data for the purposes of complying with applicable laws and regulations, responding to legal processes or protecting our legitimate rights and interests.

Your instructions to a third party

Other than as set out above, we may share your personal data under your instructions.

Entities within Quantil’ Group

Quantil is a transnational enterprise with affiliates in several countries around the world. On some occasions (e.g., providing global services, troubleshooting, remote support, etc.), Quantil may need to collaborate with its affiliates and transfer your personal data to the places outside your home country or region. Quantil affiliates will commit to the same degree of care on the protection of your personal data. If international transfer happens, Quantil shall adopt appropriate safeguards, including technical measures and organizational measures, to ensure such transfer is compliant with this Privacy Policy and as permitted by applicable data protection laws.

Your instructions to a third party

Other than as set out above, we may share your personal data under your instructions.

4. How we protect your personal data

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity that may arise on your rights and freedoms, Quantil adopts appropriate physical, organizational, and technical measures that are no less than industry standard to protect the confidentiality and security of your personal data from accidental or unlawful destruction, loss, alteration, misuse, or unauthorised access.

To be specific, we have implemented the following measures to protect your personal data:

Organizational Measures

a. Internal system construction: we have established and implemented internal privacy management system, including information security policies, risk assessments guidelines, data audit procedures, remote work policies, incident management programs, data processing addendum, etc.

b. External contract management: in our external cooperation, we ensure that we have entered into relevant contracts with the counterparty, such as data processing agreement, nondisclosure agreement, or inserting personal data protection-related clauses into relevant contract, to require third parties to fulfill their data protection obligations and we will continuously monitor their performance.

c. Access control: we have deployed access control mechanisms and implemented hierarchical permission management based on the necessity of service provision and personnel level to ensure that only authorized personnel can access personal data. Meanwhile, we clearly define and assign the roles and responsibilities of personal data protection, and implement separation of duties to reduce the risk of unauthorized access.

d. Awareness & Training: we have a dedicated privacy team responsible for holding regular and ongoing trainings to enhance our employees’ personal data protection awareness.

Technical measures

a. Encryption and pseudonymisation: we adopt appropriate encryption and pseudonymisation measures to prevent data leakage and unauthorized access. For example, in data transmission we leverage encryption technologies, such as RSA and AES, to reduce the data security risks; in data storage and display, we use encryption technologies, such as hash algorithm, NCA algorithm, etc., console desensitization display and other means to protect your personal data.

b. Cybersecurity: we possess appropriate cybersecurity capabilities that are no less than industry standards. For example, we deploy firewall to prevent unauthorized access, implement DDOS protection to ensure the network stability, regularly run vulnerability scanning programs to detect potential security vulnerabilities and develop vulnerability strategies, take appropriate O&M security management and configuration management, remote access to the IT systems via VPN tunnels, etc. An overview of certifications and attestations maintained by Quantil in terms of the security of information systems can be viewed here.

c. Password control: we have implemented password controls in our portal for the CDN Pro product, including password length, complexity, valid period, access attempts, password reset timeframe, etc. All passwords will be stored in a “hashed” form.

d. Back-up: an appropriate backup methodology is implemented to ensure data integrity and timely restoration of core operational data.

Physical Measures

Your personal data is stored in controlled facilities with strict entrance and exit control in place. In such facilities, we have adopted entrance guard system and CCTV to ensure the physical security of the data centers to prevent unauthorized access.

The measures listed above are not all the data protection measures we have taken. In fact, we will do our best to take the most reasonable and reliable protection measures based on the nature of the data. While we take the security of your personal data seriously, please note that no security measures are completely infallible. In the event of any data security risk, Quantil will respond promptly in line with any data breach requirements as detailed in the applicable laws and regulations.

5. How long we retain your personal data

The data retention period may depend on the purposes for which your personal data has been collected and the Services you use. Your personal data will be retained only when it is necessary to fulfill the purposes set out in this Privacy Policy, unless otherwise required by laws or requested by you.

When there is no longer a business necessity or legal basis for retaining your personal data, we will promptly erase, delete or anonymize your personal data as soon as possible.

We will make commercially reasonable efforts (such as inserting relevant contractual clauses) to ensure that any third party to whom we disclose your personal data retains your personal data consistent with this Privacy Policy.

6. How to exercise your rights as a data subject

Quantil recognizes individuals’ data protection rights. You may have the following rights regarding your personal data under applicable laws:

• Access: you can access and update your personal data or other information that you have provided to us, and you may request a copy of your personal data.
• Rectification: you have the right to rectify any inaccurate information, and you also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
• Portability: you have the right to receive your personal data in a structured, commonly used and machine-readable format, and where technically feasible, you also have the right to transmit those data directly from us to a third party of your choice.
• Erasure: you can request us to erase or delete any or all your personal data. However, please note that we may retain certain information if there are valid grounds under applicable data protection laws for us to do so (e.g., for the defense of legal claims or freedom of expression), but we will notify you if this is the case.
• Objection: you have the right to object to our processing of your personal data. For example, in marketing and profiling, you may request to opt out of promotional communications through the unsubscribed link or other link within each email or contacting us directly.
• Restriction of Processing: in certain circumstances, you may have the right to obtain restriction of personal data processing, with the exception of storage. However, please note that we may use it again if there are valid grounds under applicable data protection laws for us to do so, and we will inform you before the restriction of processing is lifted.

We will use our reasonable endeavor to respond to your request. Please note that before Quantil is able to provide you with any access to information, we will ask you to verify your identity and may seek other details from you to help us to respond to your request.

7. How we use cookies

We use cookies and/or other similar technologies, such as web beacons, JavaScript, etc., to maintain your session, provide you with a smoother and more efficient browsing experience on our Websites and enhance your usage on our Services.

A “cookie” is a small amount of data that is sent by the website’s server to your web browser and stored locally on your computer or mobile device. For more information about the cookies usage in connection with our CDN Pro product and related websites, please see our Cookie Policy.

8. How this Privacy Policy is updated

We may update or modify this Privacy Policy from time to time according to changes in our business operations or applicable laws. If we update this Privacy Policy, we will publish its latest version on our CDN Pro console platform or by otherwise notifying you. The revised terms will come into effect immediately upon posting or otherwise notified by us. We recommend that you check this Privacy Policy regularly to familiarize yourself with Quantil’ practices and to be aware of any material changes.

9. How to contact us

If you have any questions, concerns or suggestions related to this Privacy Policy, or if you want to report any problem, or if you wish to execute your data subject rights, please contact us at:

Email: abuse@quantil.com