Last updated: June 2026
Qanta (“Qanta,” “we,” “us,” or “our”) is a cybersecurity and governance, risk, and compliance firm. This Privacy Policy explains what personal information we collect through our website, how we use and share it, and the choices and rights available to you. By using this website, you agree to the practices described here.
We collect two broad categories of information:
Where applicable law requires a legal basis (for example, under the EU and UK GDPR), we rely on: your consent (for analytics cookies and marketing communications); our legitimate interests in operating, securing, and improving our business and website; the steps necessary to respond to your request before entering into a contract; and compliance with our legal obligations.
We use cookies and similar technologies to keep the site functioning and to measure performance. For details about the categories of cookies we use and how to control them, see our Cookie Policy.
We do not sell your personal information. We share it only with service providers who help us operate the site and our business—such as hosting, email delivery, and analytics providers—under contracts that limit their use of the data to providing services to us. We may also disclose information when required by law or to protect our rights, our users, or the public.
We retain personal information only for as long as needed to fulfill the purposes described in this policy, to comply with our legal obligations, resolve disputes, and enforce our agreements. Contact-form submissions are kept for the period necessary to handle your inquiry and our ongoing relationship, after which they are deleted or anonymized.
Security is our profession. We apply the same controls to our own environment that we help clients implement, aligning our program to the NIST Cybersecurity Framework (CSF) 2.0 and the CIS Critical Security Controls. These include access management, encryption of data in transit and at rest, logging and monitoring, and vendor due diligence. No method of transmission or storage is perfectly secure, but we work continuously to protect your information.
Depending on where you live, you may have rights to access, correct, delete, or port your personal information, to object to or restrict certain processing, and to withdraw consent. Residents of the European Economic Area and the United Kingdom have these rights under the GDPR; California residents have comparable rights under the CCPA/CPRA, including the right not to be discriminated against for exercising them. To make a request, please contact us.
We are based in the United States, and the information we collect may be processed in the United States or other countries. Where we transfer personal data internationally, we use appropriate safeguards—such as the European Commission’s Standard Contractual Clauses—to protect that data consistent with applicable law.
Our website is intended for businesses and is not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us information, please contact us so we can delete it.
We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date above. Material changes will be reflected here, and your continued use of the site after an update constitutes acceptance of the revised policy.
If you have questions about this policy or how we handle your data, please get in touch.