Privacy Policy

This Privacy Policy explains how Autonomy QA collects, uses, discloses, and protects information when you visit our websites, use our application, APIs, agents, documentation, support, or related services.

For account, billing, marketing, and website information, Autonomy QA acts as the controller or business responsible for that information. For personal information contained in customer applications, Test Plans, Runs, screenshots, DOM snapshots, network logs, recordings, prompts, responses, or other customer test artifacts, Autonomy QA generally acts as a processor or service provider on behalf of the customer, unless an applicable agreement says otherwise.

Customers who require a Data Processing Agreement (DPA) covering personal information we process on their behalf can request one from us.

We collect information needed to provide, secure, support, and improve the Autonomy QA platform.

• Account and organization information: names, work emails, authentication details, organization names, roles, user preferences, support messages, and similar information.
• Billing information: plan, subscription, invoice, tax, and payment status information. Payment card data is processed by our payment providers and is not stored by Autonomy QA in full.
• Customer content and test artifacts: Test Plans, Run steps, target URLs, application screenshots, visual recordings, DOM snapshots, network metadata, logs, error output, email/SMS test evidence, model prompts and responses, and debugging notes generated while providing the Service.
• Technical and usage data: IP address, device and browser metadata, API usage, feature events, agent performance, latency, token usage, cost metadata, diagnostic logs, and security events.
• Cookies and similar technologies: session, security, preference, analytics, and attribution identifiers as described below.

We use information to operate Autonomy QA, including to create and manage accounts, execute Runs, generate reports, maintain Product Graph evidence, provide support, process payments, detect abuse, secure the platform, and comply with legal obligations.

We may use aggregated or de-identified telemetry to improve reliability, agent routing, product quality, and cost controls. We do not use your proprietary application data, customer content, or personal information to train foundation models without your explicit opt-in or a separate written agreement.

Autonomy QA is an AI-native platform. To execute Runs, reason about failures, generate Test Plans and suggestions, classify evidence, and produce reports, we send relevant test context to third-party AI model providers and routing gateways acting as our subprocessors. The specific providers used depend on your plan, workspace configuration, and any model routing you select.

For the purposes of this Policy, “train” or “training” means using data to adjust, fine-tune, or otherwise modify the weights, parameters, or behavior of an AI model. We do not use your customer content, test artifacts, or personal information to train foundation models, and we rely on the commercial API terms of our AI model providers, which prohibit them from using data submitted through those APIs to train or improve their models. We will not enable training on your data without your explicit opt-in or a separate written agreement.

You are responsible for limiting the secrets, credentials, and production-sensitive data exposed to Runs. Where feasible, design your Test Plans and test accounts so that highly sensitive values are not transmitted to model providers.

We do not sell personal information. We do not share personal information for cross-context behavioral advertising. We disclose information only where needed for the Service or where legally permitted.

• Subprocessors: we engage subprocessors to help provide the Service, including AI model providers, email and communications providers, payment processors, analytics and product-telemetry providers, and customer support tools, together with other providers that help us securely host and operate the platform. All subprocessors process information under confidentiality and data-processing terms. A current list of subprocessors is available to customers on request. Customers under a data processing agreement may receive advance notice of material subprocessor changes and may object to a new subprocessor on reasonable data-protection grounds.
• Customer-directed integrations: services you connect, such as CI/CD, repositories, issue trackers, communications tools, identity providers, or test environments.
• Legal and safety disclosures: where required by law, court order, valid legal process, or to protect rights, safety, security, or the integrity of the Service.
• Business transfers: in connection with a merger, financing, acquisition, reorganization, or sale of assets, subject to appropriate confidentiality protections.

We use administrative, technical, and organizational safeguards designed to protect information, including access controls, encryption in transit, encryption at rest where supported by the underlying service, monitoring, logging, and least-privilege operational practices.

No internet service can guarantee absolute security. Customers are responsible for configuring test environments safely, limiting credentials and secrets exposed to Runs, masking or avoiding production-sensitive data where possible, and using appropriate access controls for their own users.

If we become aware of a personal data breach affecting your information, we will notify affected account owners or administrators without undue delay and provide reasonable assistance to help you meet your own notification obligations.

Unless we agree in writing, you must not submit protected health information, payment cardholder data, government identifiers, biometric identifiers, children's data, export-controlled data, or other highly regulated sensitive data to the Service.

If your use case requires regulated or sensitive data, contact us before using Autonomy QA so we can evaluate whether additional terms, technical controls, or a separate data processing agreement are required.

We retain information for as long as reasonably necessary to provide the Service, comply with legal obligations, resolve disputes, enforce agreements, maintain security, and support backups and audit logs.

Customer test artifacts are retained according to your plan, workspace settings, order form, or applicable agreement. Where no specific retention setting applies, we retain artifacts only for as long as needed for the product purpose for which they were collected and then delete or de-identify them in the ordinary course of business.

When an account is closed or a deletion request is completed, we delete or de-identify the associated customer content within a commercially reasonable period, typically within 90 days, except where longer retention is required by law. Residual copies in encrypted backups are purged on our ordinary backup rotation cycle.

We may process information in countries other than where you are located. Some subprocessors, including certain AI model providers, may process data in the United States or other countries.

Where required for transfers out of the European Economic Area, the United Kingdom, or Switzerland, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (and the UK Addendum where applicable), supplemented by data-processing terms and vendor security reviews.

Depending on your location, you may have rights to request access, correction, deletion, portability, restriction, objection, withdrawal of consent, or information about how your personal information is used. California residents may also have rights to know, delete, correct, opt out of sale or sharing, and limit certain uses of sensitive personal information.

We will not discriminate against you for exercising privacy rights. If your information is controlled by an Autonomy QA customer, we may direct your request to that customer or assist them in responding.

We use essential cookies for authentication, session management, security, fraud prevention, and preferences. We may use analytics and attribution technologies to understand product usage and improve the website and Service. You can control cookies through your browser settings, but disabling essential cookies may prevent parts of the Service from working.

Autonomy QA is intended for business users and is not directed to children. We do not knowingly collect personal information from children under 16. If you believe a child has provided us personal information, contact us so we can take appropriate action.

We may update this Privacy Policy from time to time. If changes are material, we will provide notice by updating this page, changing the date above, and, where appropriate, notifying account owners or administrators.

If you have questions about this Privacy Policy, your data rights, or our security practices, contact us at: