1. Data Controller
Interlink Digital Group Limited ("Company", "we", "us") is the data controller for personal data processed in connection with the TrueEntropy service. Registered office: Lancaster House, Amy Johnson Way, Blackpool FY4 2RP, United Kingdom.
2. Data We Collect
2.1 Account Data
- Email address (for authentication and communication)
- Name (for account personalisation)
- Company name (optional, for enterprise accounts)
- Billing information (processed by our payment provider)
2.2 Usage Data
- API request logs (endpoint, timestamp, response code, latency)
- API key identifiers (hashed, not plaintext)
- IP addresses (for rate limiting and security)
- Dashboard access logs
2.3 Data We Do NOT Collect
- Random number values - We do not log, store, or record the random numbers delivered to you. Consumed entropy pool values are not retained after delivery.
- QuBitLang circuit outputs - Raw quantum measurement results are processed through the quality pipeline and discarded after pool entry.
3. Legal Basis for Processing
We process personal data under the following legal bases (UK GDPR):
- Contract performance - Processing necessary to provide the Service
- Legitimate interests - Security monitoring, fraud prevention, service improvement
- Legal obligation - Tax records, compliance requirements
- Consent - Marketing communications (opt-in only)
4. Data Retention
- Account data: retained for the lifetime of your account + 12 months after deletion
- API request logs: retained for 90 days (rolling)
- Billing records: retained for 7 years (legal requirement)
- Provenance certificates: retained indefinitely (audit trail)
5. Data Sharing
We do not sell personal data. We share data only with:
- Payment processor - For billing (Stripe or equivalent)
- Infrastructure providers - Hosting, CDN, monitoring (UK/EU data centres)
- Law enforcement - Only when legally compelled by valid court order
6. International Transfers
API request processing occurs on UK-based infrastructure. IBM Quantum hardware access may involve data transit to IBM data centres. No personal data is transmitted to quantum hardware - only compiled QuBitLang circuits.
7. Your Rights
Under UK GDPR, you have the right to:
- Access your personal data
- Rectify inaccurate data
- Erase your data ("right to be forgotten")
- Restrict processing
- Data portability
- Object to processing
- Lodge a complaint with the ICO
8. Security
We implement industry-standard security measures including:
- TLS 1.3 encryption for all data in transit
- Secure storage for data at rest
- Argon2id hashing for API key storage
- Regular security audits and penetration testing
9. Cookies
The TrueEntropy website uses essential cookies for authentication and session management. We use privacy-first analytics (Plausible/PostHog) that do not require cookie consent. No third-party advertising cookies are used.
10. Contact
Data protection enquiries: privacy@trueentropy.net
ICO registration: [Registration number pending]