Privacy Policy
Effective Date: March 2026 · Last updated: June 2026
1. Data Controller
The data controller responsible for your personal data is:
NodeBar (trading name of the individual provider identified in the Legal Notice)
Madrid, Spain
Email: [email protected]
2. Scope of This Policy
This Privacy Policy applies to the NodeBar platform, including our website, APIs, and related services ("Service"). Our services are intended for professional and business use only.
3. Data We Collect
3.1 Personal Data
- Email address and account credentials
- Name and company information
- Billing details and payment metadata (processed securely via Stripe)
3.2 API Usage Data
- Endpoints accessed
- Timestamps and request frequency
- Query parameters and response metadata
- IP address and device information
This data is essential for providing the service, enforcing rate limits, billing, and ensuring system security.
4. Legal Basis for Processing (GDPR)
- Contract: To provide API access and manage subscriptions.
- Legitimate Interest: To maintain security, prevent abuse, and improve performance.
- Legal Obligation: For accounting, tax, and regulatory compliance.
- Consent: For cookies and optional communications.
5. How We Use Data
- Provide and operate the API service
- Authenticate users and manage API keys
- Process payments and subscriptions
- Monitor usage, detect abuse, and enforce limits
- Improve infrastructure and performance
- Communicate service updates
6. Data Retention
We apply concrete retention periods, after which data is either deleted or anonymized:
- Account data (email, API key hash, plan): retained while the account is active. Deleted within 30 days of account closure, except where a longer period is mandated by law.
- Billing data (Stripe customer ID, invoices, payment metadata): retained for 6 years from the date of the last invoice (Spanish Commercial Code Art. 30 + AEAT requirements).
- API request logs (timestamp, endpoint, IP, request size): retained for 90 days for security, abuse detection and rate-limit enforcement, then aggregated into anonymous metrics, with the per-request rows deleted.
- Contact form submissions: retained for 2 years from receipt, then deleted.
- Server access logs (Nginx): retained for 30 days.
- Cookie consent records (timestamp + version): retained for 13 months as recommended by AEPD guidance.
6.bis Subprocessors
To deliver the Service we rely on the following processors. Each is bound by a Data Processing Agreement (DPA) and implements appropriate safeguards:
- Stripe Payments Europe Ltd. (Ireland): payment processing. Receives: name, email, billing address, card data (PCI-DSS scope). stripe.com/privacy
- Google Ireland Ltd. (Ireland): Google Analytics 4 (with consent only), Google Fonts and Google Translate (only when you activate translation). Receives: anonymized IP, page views, device metadata. policies.google.com/privacy
- Sinch Mailgun (EU region, Mailgun Technologies): transactional and service email delivery (API key emails, service notices, contact form). Receives: recipient email address and message content. mailgun.com/legal/privacy-policy
- Cloudflare, Inc. (United States, EU edge nodes): DNS, CDN/reverse proxy and email routing for our domains. Receives: visitor IP addresses and request metadata in transit, and forwards email addressed to our domain. cloudflare.com/privacypolicy
- Twelve Data Pricing, Inc. (United States): upstream financial data provider. Does not receive any personal data; receives only ticker symbols and timeframes. twelvedata.com/privacy
- Contabo GmbH (Germany): server hosting (vmi3068428). Receives all data hosted on the Service. contabo.com/legal/privacy-policy
- Namecheap, Inc. (United States): domain registration only; no personal data of users.
Transfers outside the EEA are covered by the EU-US Data Privacy Framework and/or Standard Contractual Clauses (SCCs).
7. Data Sharing
We do not sell your personal data. We may share data with:
- Payment providers: Stripe
- Infrastructure providers: Hosting, storage, and monitoring services
- Legal authorities: When required by law
8. International Transfers
Your data may be processed outside the European Economic Area (EEA), including in the United States. We ensure appropriate safeguards such as Standard Contractual Clauses (SCCs).
9. Cookies and Analytics
We use a strictly necessary cookie to remember your display preference and your cookie consent choice. Analytics cookies (Google Analytics 4) are only set after you give explicit consent via the cookie banner shown on your first visit, in line with GDPR Article 7 and Spanish LSSI-CE Article 22.2.
We implement Google Consent Mode v2 with all non-essential buckets defaulting to "denied" until you accept. You can change or withdraw your consent at any time from the Cookies Policy page.
Full inventory of cookies, durations and third-party providers: Cookies Policy.
9.bis Single point of contact (DSA)
In accordance with Articles 11 and 12 of Regulation (EU) 2022/2065 (Digital Services Act), the single point of contact for authorities and recipients of the service is [email protected]. Communication languages: English, Spanish.
10. Data Security
We implement industry-standard security measures to protect your data, including encryption, secure access controls, and monitoring systems. However, no system is completely secure.
11. Your Rights (GDPR)
Under the GDPR (Regulation (EU) 2016/679) you have the following rights regarding your personal data:
- Right of access (Art. 15): obtain a copy of all personal data we hold about you.
- Right to rectification (Art. 16): correct inaccurate or incomplete data.
- Right to erasure / "right to be forgotten" (Art. 17): request deletion of your account and all associated data, subject only to legal retention obligations (e.g. invoices for 6 years).
- Right to restriction of processing (Art. 18).
- Right to data portability (Art. 20): receive your data in a structured, machine-readable format (JSON).
- Right to object (Art. 21): including objection to processing based on legitimate interest.
- Right to withdraw consent (Art. 7.3): at any time, without affecting prior lawful processing. For cookies, use the Cookies Policy page.
- Right not to be subject to automated decision-making (Art. 22). The Service does not make any solely automated decisions with legal or significant effects.
How to exercise these rights
Send an email to [email protected] with the subject line "GDPR request: [right invoked]" from the email address associated with your account. We will respond within 30 days (extendable by 60 additional days for complex requests, with prior notice).
For an account deletion request, send "GDPR: delete my account"; we will permanently remove your account, API key and associated data within 30 days, except for billing records which are retained for the legal 6-year period.
You may verify your identity via the email address linked to your account; for additional security we may request supplementary verification.
Right to lodge a complaint
If you believe we have not handled your data properly, you have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD) at www.aepd.es, or with the supervisory authority of your country of residence within the EEA.
11.bis Children's data
The Service is intended exclusively for professional and business use and is not directed to persons under 14 years of age (the minimum age for valid consent under Spanish law: LOPDGDD Art. 7). We do not knowingly collect personal data from children under 14. If we become aware that we have collected such data, we will delete it without undue delay. Parents or guardians who believe their child has provided us with personal data should contact [email protected].
12. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date.
13. Contact
For any privacy-related inquiries: [email protected]