Skip to main content

Privacy Policy

Last updated: March 2026

This Privacy Policy describes how P1·QA LLC (“Company,” “we,” “us,” or “our”) collects, uses, and protects information when you use the P1·QA platform and services. We are committed to protecting your privacy and handling your data transparently.

1. Information We Collect

1.1. Information You Provide Directly:

  • Account information: name, email address, company name, job title
  • Application URLs and staging environment details submitted for QA testing
  • Environment credentials (API keys, auth tokens) provided for agent access
  • Billing information processed through our payment provider (Stripe)
  • Communications: support requests, feedback, and correspondence

1.2. Information Collected Automatically:

  • Usage data: pages visited, features used, session duration
  • Device information: browser type, operating system, screen resolution
  • IP address and approximate geographic location
  • Referral source and landing page information

2. How We Use Your Data

We use collected information to:

  • Provide, maintain, and improve our QA testing services
  • Configure and execute AI agents against your applications
  • Generate test results, bug reports, and performance reports
  • Send test results, alerts, and service notifications
  • Process payments and manage subscriptions
  • Respond to support requests and communications
  • Improve our AI models using anonymized, aggregated patterns
  • Comply with legal obligations

We never sell your personal data to third parties.

3. Data From Client Applications

When our AI agents test your applications, they may encounter or interact with:

  • Page content, DOM structure, and UI elements
  • API responses and data payloads
  • Screenshots and visual snapshots for regression comparison
  • Network requests, response times, and error logs
  • Accessibility attributes and ARIA properties

Important: Our agents interact with your applications through standard browser and API protocols — the same way a human tester would. We do not access, copy, or store your source code.

Test artifacts (screenshots, logs, reports) are stored securely and accessible only to authorized members of your team.

4. Data Storage & Security

We implement industry-standard security measures:

  • All data is encrypted in transit using TLS 1.3
  • Data at rest is encrypted using AES-256
  • Database hosting through Supabase with row-level security (RLS) policies
  • Environment credentials are stored in encrypted vaults with access controls
  • Access to client data is strictly scoped — agents and personnel only access what is necessary
  • Regular security audits and vulnerability assessments

5. Third-Party Services

We use the following third-party services, each with their own privacy policies:

ServicePurpose
VercelWebsite hosting and deployment
SupabaseDatabase, authentication, and storage
StripePayment processing (PCI DSS compliant)
Anthropic (Claude)AI model provider for test generation and analysis
HetznerInfrastructure hosting (EU data centers)
n8nWorkflow orchestration (self-hosted)

We only share data with third parties as necessary to provide the Service. We do not sell data to advertisers or data brokers.

6. Cookies & Tracking

6.1. Essential Cookies: We use strictly necessary cookies for authentication, session management, and security. These cannot be disabled.

6.2. Analytics Cookies: We may use privacy-respecting analytics to understand how users interact with our website. We do not use Google Analytics or Facebook Pixel.

6.3. No Ad Tracking: We do not use advertising cookies or cross-site tracking technologies. We do not build advertising profiles.

7. Data Retention

Data TypeRetention Period
Account informationDuration of subscription + 30 days
Test results & reportsDuration of subscription + 30 days
Screenshots & visual diffs90 days (rolling)
Environment credentialsDeleted immediately upon cancellation
Billing records7 years (legal requirement)
Anonymized usage patternsIndefinitely (non-identifiable)

You may request early deletion of your data at any time (see Section 10).

8. GDPR Compliance (EEA Users)

If you are located in the European Economic Area (EEA), the following applies:

Legal Basis for Processing: We process your data based on: (a) performance of a contract (providing the Service), (b) legitimate interests (improving our Service, security), and (c) your consent (marketing communications).

Your GDPR Rights:

  • Right of access — obtain a copy of your personal data
  • Right to rectification — correct inaccurate personal data
  • Right to erasure (“right to be forgotten”)
  • Right to restrict processing
  • Right to data portability — receive your data in a machine-readable format
  • Right to object — object to processing based on legitimate interests
  • Right to withdraw consent at any time

To exercise these rights, contact us at info@p1qa.com. We will respond within 30 days.

9. CCPA Compliance (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides additional rights:

  • Right to know what personal information is collected, used, shared, or sold
  • Right to delete personal information held by us
  • Right to opt out of the sale of personal information
  • Right to non-discrimination for exercising your CCPA rights

We do not sell personal information. We have not sold personal information in the preceding 12 months. To submit a CCPA request, contact us at info@p1qa.com.

10. Your Rights

Regardless of your location, you have the right to:

  • Access your personal data and request a copy
  • Correct inaccurate or incomplete data
  • Request deletion of your data
  • Opt out of marketing communications at any time
  • Export your test results and reports in standard formats

We will respond to all data requests within 30 days.

11. Children's Privacy

The Service is not directed to individuals under 18. We do not knowingly collect personal information from children. If we learn that we have collected data from a child, we will delete it promptly.

12. International Data Transfers

Your data may be processed in the United States and the European Union (Hetzner data centers). When transferring data outside the EEA, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate data protection.

13. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email or prominent notice on our website. We encourage you to review this page regularly. Your continued use of the Service after changes take effect constitutes acceptance.

14. Contact

For privacy-related inquiries, data requests, or complaints, contact us at:

info@p1qa.com

P1·QA LLC
Wilmington, Delaware, United States

See also our Terms of Service.