← Back

Privacy Policy

Information about the collection and processing of personal data according to GDPR

1. Data Controller

The data controller responsible for this personal educational website is:

Matthias Wulff · hello@quantum-exp.com

Postal address: Contact & Legal Notice

2. Data Collection and Processing

2.1 Website Usage

When you visit our website, server access logs automatically record certain information:

  • IP address
  • Date and time of access
  • Browser type and version
  • Operating system
  • Referrer URL
  • Pages visited

These logs are kept for at most 30 days for security and performance monitoring and are not joined with any other data set. Newsletter subscribers' sign-up IP and user-agent are stored separately as a consent audit trail — see §9.1.

Legal basis: Art. 6 (1) f GDPR (legitimate interest in ensuring website functionality and security)

2.2 Quantum Error Estimation Tool

Our quantum error estimation tool processes the parameters you input (error rates, qubit numbers, computation depths) locally in your browser or on our server for calculation purposes. This data is not stored permanently and is only used to generate the requested visualizations.

Legal basis: Art. 6 (1) b GDPR (performance of service requested by you)

2.3 Cookies and Local Storage

We use technically necessary cookies and local storage to:

  • Remember your tool settings during your session
  • Ensure proper functionality of interactive elements
  • Store your cookie preferences

Legal basis: Art. 6 (1) f GDPR (legitimate interest in website functionality)

3. Data Retention

We do not store personal data longer than necessary for the purposes outlined in this policy:

  • Server logs: 30 days (for security and performance monitoring)
  • Calculation parameters: Not stored (processed on-demand)
  • Session data: Until browser session ends
  • Cookie preferences: Until you change them or clear browser data

4. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR) - Request information about your data
  • Right to rectification (Art. 16 GDPR) - Correct inaccurate data
  • Right to erasure (Art. 17 GDPR) - Request deletion of your data
  • Right to restriction (Art. 18 GDPR) - Limit processing of your data
  • Right to data portability (Art. 20 GDPR) - Receive your data in structured format
  • Right to object (Art. 21 GDPR) - Object to processing based on legitimate interest
  • Right to withdraw consent (Art. 7 (3) GDPR) - Where processing is based on consent

To exercise these rights, please contact us via email as provided in section 1.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. Our website uses HTTPS encryption for secure data transmission.

6. Third-Party Services and Processors

This site is hosted on Vercel (Vercel Inc., USA). Vercel processes request metadata (IP address, user-agent, request path, timestamp) to serve the site and protect it from abuse. We have a Data Processing Agreement in place with Vercel; transfers to the US rely on the EU Standard Contractual Clauses. Optional Vercel Analytics and Speed Insights are loaded only after you opt in via the cookie banner (see §2.3).

Beyond hosting, we do not use third-party analytics, advertising, or tracking services. Newsletter delivery uses Resend (see §9.4). If anything changes, we will update this policy and, where required by law, obtain your consent.

7. International Data Transfers

Most data is processed within the EU. Two processors are based in the US: Vercel (hosting, see §6) and Resend (email delivery, see §9.4). Transfers are covered by Data Processing Agreements and the EU Standard Contractual Clauses (SCCs).

8. Right to Lodge a Complaint

If you believe that the processing of your personal data violates data protection law, you have the right to lodge a complaint with a supervisory authority. The competent authority for this site is the Bayerisches Landesamt für Datenschutzaufsicht (BayLDA). You may also contact the supervisory authority of your EU member state of residence or work.

9. Newsletter (Email Subscriptions)

We operate an opt-in email list for occasional updates: when a new two-qubit gate fidelity record, a new physical qubit-count record, or a new qLDPC code lands on quantum-expectations.com. There are no promotional emails, no third-party offers, and no tracking pixels.

9.1 Data we store per subscriber

  • Email address (case-insensitive, unique).
  • Subscription status (pending / confirmed / unsubscribed / bounced / complained).
  • IP address and User-Agent at sign-up, plus the timestamps of sign-up, confirmation, and unsubscribe — kept as a GDPR Art. 7 (1) audit trail to evidence consent.
  • The single-use confirmation token (nulled the moment you click the confirmation link).
  • For each newsletter we send you, the message id returned by our email provider and the delivery outcome (delivered / bounced / complained).

9.2 Legal basis & consent

Processing is based on your consent (Art. 6 (1) a GDPR), expressed by submitting your email and confirming via the link we send you (double opt-in). You can withdraw consent at any time using the one-click unsubscribe link in every email. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal. After withdrawal, the consent record (email, IP, user-agent, timestamps) is retained on the basis of Art. 6 (1) c GDPR to fulfil our accountability obligation under Art. 7 (1) GDPR.

9.3 Retention

  • Confirmed subscribers: kept until you unsubscribe or your address hard-bounces.
  • Pending (unconfirmed) subscribers: automatically deleted by a daily job 24 hours after the confirmation email if you never click the link.
  • Unsubscribed / bounced / complained: the row is retained (with status set accordingly) so we don't accidentally re-contact you. The consent audit record is retained for 3 years after the subscription ends (aligning with the UWG limitation period) and is then automatically deleted by a daily job. You may request full erasure at any time.
  • Send-history rows: deleted automatically when the corresponding subscriber row is deleted (cascade).

9.4 Processors

The subscriber list and send-history are stored in a Neon Postgres database hosted in the EU (Frankfurt). Email delivery uses Resend, a US-based service provider, under a Data Processing Agreement and the EU Standard Contractual Clauses (SCCs). Resend processes your email address, the message content we generate, and the delivery outcome to deliver the email and surface bounces/complaints back to us.

9.5 What we do not do

  • No open or click tracking.
  • No tracking pixels.
  • No sharing of your email with third parties for marketing.
  • No automatic enrolment — every confirmation is double opt-in.

10. Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices or applicable law. We will notify users of any material changes by posting the updated policy on our website.

Last updated: 03 May 2026