Privacy Policy

Introduction

AIToTest Inc. ("AIToTest," "we," "our," or "us"), headquartered at 535 Mission Street, San Francisco, CA 94105, is committed to protecting your privacy and ensuring the security of your data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered testing platform and related services (collectively, the "Services").

By using our Services, you agree to the collection and use of information in accordance with this Privacy Policy. We will not use or share your information with anyone except as described in this Privacy Policy.

Information We Collect

Account Information

• Company name and business information
• Contact information (name, email address, phone number)
• Billing information and transaction history
• User credentials and authentication data
• Professional role and department information

Service Usage Data

• Test execution logs and results
• Code coverage statistics and metrics
• API calls and request logs
• Feature usage patterns and preferences
• Performance metrics and analytics
• Error reports and diagnostic information

Technical Information

• IP addresses and device information
• Browser type and version
• Operating system information
• Time zone and language preferences
• Cookie data and session information

How We Use Your Information

We use the collected information for various purposes, including:

Service Provision and Improvement

• Delivering and maintaining our testing services
• Improving and optimizing our AI models
• Providing technical support and customer service
• Developing new features and capabilities
• Conducting research and analysis

Security and Compliance

• Protecting against unauthorized access
• Detecting and preventing fraud
• Maintaining audit logs for compliance
• Enforcing our terms of service
• Meeting legal obligations

Communication and Marketing

• Sending service updates and notifications
• Providing product newsletters and announcements
• Responding to your inquiries
• Marketing our services (with your consent)

Data Processing and Storage

Code Processing

All code processing occurs in isolated, secure environments. Your source code is processed in memory and is never persistently stored unless explicitly requested. We maintain strict access controls and audit logs for all code processing activities.

Data Encryption

We implement industry-standard encryption protocols to protect your data:

• TLS 1.3 for all data in transit
• AES-256 encryption for data at rest
• End-to-end encryption for sensitive operations
• Secure key management and rotation

Data Retention

We retain your information only for as long as necessary to provide our services and fulfill the purposes outlined in this Privacy Policy. When we no longer need to use your information, we will securely delete or anonymize it.

Security Measures

We maintain comprehensive security measures to protect your information:

• SOC 2 Type II certification
• Regular security audits and penetration testing
• 24/7 security monitoring and incident response
• Employee security training and background checks
• Physical security measures at our data centers
• Vendor security assessment program

Data Sharing and Third Parties

We may share your information with third parties only in the following circumstances:

• With your explicit consent
• To comply with legal obligations
• To protect our rights and property
• With service providers who assist in our operations
• In the event of a merger, acquisition, or sale of assets

All third-party service providers are contractually obligated to protect your information and are prohibited from using it for any purpose other than providing services to us.

Your Rights and Choices

You have the following rights regarding your information:

• Access and review your personal information
• Correct inaccurate or incomplete information
• Request deletion of your information
• Object to or restrict processing
• Data portability
• Withdraw consent (where applicable)

International Data Transfers

We process and store data in the United States and other countries. When we transfer data internationally, we implement appropriate safeguards such as:

• Standard contractual clauses
• Data processing agreements
• Privacy Shield certification (where applicable)
• Regional data residency options

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

Cookie Policy

We use cookies and similar tracking technologies to enhance your experience:

• Essential cookies for service functionality
• Analytics cookies to understand usage patterns
• Preference cookies to remember your settings
• Marketing cookies (with your consent)

You can control cookie preferences through your browser settings. Note that disabling certain cookies may limit functionality.

GDPR and CCPA Compliance

For users in the EU and California, we provide additional rights and protections:

EU Users (GDPR)

• Right to be informed about data collection and use
• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Rights related to automated decision making

California Users (CCPA)

• Right to know what personal information is collected
• Right to know whether personal information is sold or disclosed
• Right to say no to the sale of personal information
• Right to access your personal information
• Right to equal service and price

Data Retention Periods

We retain different types of data for specific periods:

• Account information: Duration of account plus 2 years
• Usage data: 12 months
• Payment information: 7 years (legal requirement)
• Communication records: 3 years
• Test results and metrics: 18 months
• Security logs: 2 years

Children's Privacy

Our Services are not intended for children under 13 years of age. We do not knowingly collect or maintain personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information.

Data Breach Notification

In the event of a data breach, we will:

• Notify affected users within 72 hours of discovery
• Provide details about the nature of the breach
• Share steps taken to mitigate risks
• Offer guidance on protecting your information
• Cooperate with law enforcement as required
• Conduct a post-incident review and implement preventive measures

Contact Information

If you have any questions, concerns, or requests related to this Privacy Policy or our privacy practices, please contact us at: