Privacy Policy
01Overview & Data Controller
This Privacy Policy explains how Quad Capital US LLC, a Wyoming limited liability company ("Quad Capital," "we," "us," or "our"), collects, uses, discloses, and protects personal information in connection with the website located at portfolio.greenautomation.ai and any related services (collectively, the "Platform").
For the purposes of the European Union General Data Protection Regulation ("GDPR") and the United Kingdom GDPR, Quad Capital US LLC is the data controller of personal information processed through the Platform.
02Scope
This Policy applies to personal information we collect when you visit the Platform, register for an account, redeem an invite or guest code, communicate with us, or otherwise interact with our services. It does not apply to:
- Information collected by third-party Portfolio Companies through their own websites, communications, or subscription documents;
- Information collected by other websites that we do not operate, even if linked from the Platform;
- Anonymous, aggregated, or de-identified data that cannot reasonably be used to identify you.
03Information We Collect
We collect the following categories of personal information:
| Category | Examples | Source |
|---|---|---|
| Account Information | Email address, password (hashed), full name, account creation date | You, at registration |
| Profile / Intake Information | Information you voluntarily provide in our intake form, which may include accredited-investor status, investment range, geography, professional background, and similar details | You, during signup |
| Access Credentials | Invite code redemption records, guest credential issuance and expiry data, multi-factor authentication tokens | System-generated |
| Usage Data | Pages visited, documents accessed, timestamps, session duration, search queries, filter selections | Automatically collected |
| Device & Technical Data | IP address, approximate location (city/country derived from IP), browser type and version, operating system, device identifiers, referring URL | Automatically collected |
| Communications | Emails you send to us, support requests, content of messages exchanged through the Platform | You |
| Cookies & Local Storage | Authentication tokens, theme preferences, session identifiers | Automatically collected |
We do not intentionally collect special categories of personal data (such as race, religion, health, or biometric data) or financial account numbers. Please do not provide such information through the Platform.
04How We Use Information
We use personal information for the following purposes:
- To operate the Platform — authenticating users, maintaining sessions, serving the requested Materials, enforcing access controls, and providing user-facing features;
- To communicate with you — sending account confirmations, password resets, security alerts, service updates, and responding to your inquiries;
- To enforce our Terms — investigating suspected violations, preventing unauthorized access, and protecting the rights, property, and safety of Quad Capital, our users, Portfolio Companies, and the public;
- To improve the Platform — analyzing aggregate usage patterns to enhance functionality, debug issues, and optimize performance;
- To comply with legal obligations — responding to lawful requests from authorities, complying with applicable laws and regulations, and exercising or defending legal claims;
- For security — detecting, preventing, and responding to fraud, abuse, security incidents, and other harmful activity.
05Legal Bases for Processing (GDPR)
If you are located in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases under Article 6 of the GDPR to process your personal information:
- Contract (Art. 6(1)(b)) — to provide the Platform services you request, including account creation and authentication;
- Legitimate interests (Art. 6(1)(f)) — to operate, secure, and improve the Platform; to prevent fraud and abuse; to enforce our Terms; and to communicate with you about the service. Where we rely on this basis, we have assessed that our interests are not overridden by your rights and freedoms;
- Consent (Art. 6(1)(a)) — for any optional processing for which we explicitly request your consent. You may withdraw consent at any time;
- Legal obligation (Art. 6(1)(c)) — to comply with applicable laws, court orders, and regulatory requirements.
06Sharing & Sub-Processors
We do not sell your personal information. We share personal information only in the following circumstances:
Sub-processors
We use the following service providers to operate the Platform. Each sub-processor is contractually obligated to protect your data and to use it only for the purposes we specify:
| Provider | Purpose | Location |
|---|---|---|
| Supabase, Inc. | Database hosting, authentication, server-side functions | United States (US-East) |
| Cloudflare, Inc. | Content delivery, DNS, hosting (Cloudflare Pages), DDoS protection, edge caching | Global edge network |
| Resend | Transactional email delivery (account emails, password resets, notifications) | European Union (Ireland) |
| Vultr Holdings LLC | Virtual private server infrastructure for related services | Germany (Frankfurt) |
Other Disclosures
- Portfolio Companies. If you initiate communication with a Portfolio Company through or in connection with the Platform, we may share your contact information with that Portfolio Company at your direction;
- Professional advisers. Our legal, accounting, and other professional advisers, where strictly necessary and subject to confidentiality;
- Legal compliance. When required by law, court order, subpoena, or other legal process; to enforce our Terms; or to protect the rights, property, or safety of Quad Capital, our users, or others;
- Business transfers. In connection with a merger, acquisition, sale of assets, or similar transaction. You will be notified of any such transfer that would materially change how your data is handled.
07International Data Transfers
Quad Capital is established in the United States, and our primary infrastructure providers are located in the United States and the European Union. If you access the Platform from outside the United States, your personal information will be transferred to, stored in, and processed in the United States and other countries, which may have data protection laws different from those in your jurisdiction.
Where personal information is transferred from the European Economic Area, the United Kingdom, or Switzerland to a third country that does not provide an adequate level of data protection under the GDPR, we rely on appropriate safeguards, including Standard Contractual Clauses approved by the European Commission, supplemented by additional technical and organizational measures where required.
You may request a copy of the safeguards that apply to international transfers of your personal information by contacting us at privacy@greenautomation.ai.
08Cookies & Tracking
The Platform uses a minimal set of cookies and browser local-storage entries strictly necessary for it to function. We do not use third-party advertising cookies, cross-site tracking pixels, or behavioral profiling.
- Authentication cookies — used to keep you signed in across pages. Required.
- Session storage — used to maintain your access state during a visit. Required.
- Local storage (theme preference) — remembers whether you prefer light or dark mode. Optional; can be cleared via your browser.
Most browsers allow you to control cookies through settings. Disabling required cookies may prevent you from using parts of the Platform.
09Data Retention
We retain personal information for as long as reasonably necessary for the purposes described in this Policy, including:
- Active accounts — for the duration of the account, plus a reasonable period after closure to satisfy legal, audit, and dispute-resolution requirements;
- Guest access logs — generally retained for up to 24 months from issuance, then deleted or anonymized;
- Usage and security logs — generally retained for up to 12 months, longer if required for security investigations;
- Communications — retained for the period necessary to handle the matter and comply with applicable record-keeping obligations.
When personal information is no longer needed, we delete or anonymize it, except where retention is required or permitted by law.
10Security
We implement reasonable technical, administrative, and physical safeguards designed to protect personal information from unauthorized access, disclosure, alteration, and destruction. These measures include:
- HTTPS/TLS encryption in transit;
- Encrypted database storage at rest;
- Role-based access controls and least-privilege provisioning;
- Multi-factor authentication for administrative accounts;
- Regular security review of infrastructure and dependencies;
- Content Security Policy, HSTS, and other defense-in-depth web security headers.
No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. You are responsible for maintaining the secrecy of your account credentials.
11Your Rights — GDPR (EEA, UK, Switzerland)
If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights regarding your personal information:
- Right of access — to obtain confirmation of whether we process your data and to receive a copy;
- Right to rectification — to correct inaccurate or incomplete data;
- Right to erasure ("right to be forgotten") — to request deletion in certain circumstances;
- Right to restriction — to limit how we process your data in certain circumstances;
- Right to data portability — to receive your data in a structured, machine-readable format;
- Right to object — to object to processing based on legitimate interests;
- Right to withdraw consent — at any time, where processing is based on consent;
- Right to lodge a complaint — with your local supervisory authority. In Hungary, this is the Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH). In the UK, this is the Information Commissioner's Office (ICO).
To exercise any of these rights, contact us at privacy@greenautomation.ai. We will respond within one month, as required by GDPR. We may need to verify your identity before fulfilling certain requests.
12Your Rights — CCPA/CPRA (California Residents)
If you are a California resident, the California Consumer Privacy Act (as amended by the CPRA) provides you with the following rights:
- Right to know — what categories of personal information we collect, the sources, the purposes, the categories shared, and the specific pieces of personal information we hold about you;
- Right to delete — your personal information, subject to certain exceptions;
- Right to correct — inaccurate personal information;
- Right to opt-out of sale or sharing — see Section 15 below;
- Right to limit use of sensitive personal information — to certain permitted business purposes;
- Right to non-discrimination — we will not discriminate against you for exercising your CCPA rights.
To exercise any of these rights, contact us at privacy@greenautomation.ai. We will respond within 45 days, as required by CCPA. You may also designate an authorized agent to make a request on your behalf.
Categories disclosed for a business purpose in the past 12 months: identifiers (email, name), internet/network activity (usage data, device data), and commercial information limited to the intake form profile data — disclosed only to the sub-processors identified in Section 6, for the operational purposes described in Section 4.
13Your Rights — Other US Residents
If you are a resident of Virginia, Colorado, Connecticut, Utah, or another US state with a comprehensive privacy law, you generally have rights similar to those described above, including the right to access, correct, delete, and obtain a portable copy of your personal information. To exercise these rights, contact us at privacy@greenautomation.ai.
14Children's Privacy
The Platform is not directed to children under the age of 18, and we do not knowingly collect personal information from minors. If we learn that we have inadvertently collected personal information from a minor, we will delete it promptly. If you believe we may have information from or about a minor, please contact us at privacy@greenautomation.ai.
15Sale or Sharing of Personal Information
Quad Capital does not sell your personal information for monetary consideration. We do not engage in cross-context behavioral advertising. We do not share personal information with third parties for the third parties' own marketing or advertising purposes.
The disclosures to sub-processors and business partners described in Section 6 are made strictly to operate the Platform on our behalf and do not constitute a "sale" or "sharing" under California or other US privacy laws.
16Changes to This Policy
We may update this Privacy Policy from time to time. The "Last Updated" date at the top of this page indicates when the most recent changes were made. If we make material changes, we will provide additional notice, such as by email to registered users or by a prominent notice on the Platform. Your continued use of the Platform after the effective date of any update constitutes your acknowledgment of the revised Policy.
17Contact
Attn: Privacy
30 N Gould St, Suite R
Sheridan, WY 82801
United States
Email: privacy@greenautomation.ai
Phone: +1 (757) 619-7647