Privacy Policy

1. Introduction

Welcome to Qwarm ("we," "us," or "our"). Qwarm is an AI-powered QA and UX testing platform that enables you to write natural-language test flows and execute them via automated browsers. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services (collectively, the "Service").

By accessing or using Qwarm, you agree to this Privacy Policy. If you do not agree with the terms of this policy, please do not access the Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your email address, display name, and authentication credentials. If you sign up via a third-party provider, we receive basic profile information from that provider.

2.2 Usage Data

We automatically collect information about how you interact with the Service, including pages visited, features used, timestamps, browser type, device information, IP address, and referring URLs.

2.3 Testing Data

When you create and execute test flows, we store your test definitions, variable configurations, execution results, screenshots captured during test runs, and AI-generated insights. Sensitive variable values (such as passwords or API keys) are encrypted at rest using AES-256-GCM encryption.

2.4 Payment Information

If you subscribe to a paid plan, payment processing is handled entirely by our third-party payment processor. We do not store your credit card number, bank account details, or other financial information on our servers. We only receive confirmation of payment status, subscription tier, and billing period.

3. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service, including executing your test flows and generating reports
• Process your transactions and manage your subscription
• Send you service-related communications, such as account verification, billing notices, and security alerts
• Improve and personalize the Service based on usage patterns and feedback
• Monitor and analyze usage trends to enhance reliability and performance
• Detect, prevent, and address fraud, abuse, or technical issues
• Comply with legal obligations and enforce our Terms of Service

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under the following legal bases:

• Contract Performance: Processing necessary to provide the Service you have requested (e.g., running test flows, managing your account)
• Legitimate Interests: Processing necessary for our legitimate business interests, such as improving the Service, preventing fraud, and ensuring security, provided these interests are not overridden by your rights
• Consent: Where you have given explicit consent for specific processing activities, such as receiving marketing communications
• Legal Obligation: Processing necessary to comply with applicable laws and regulations

5. Data Sharing & Third Parties

We do not sell, rent, or trade your personal information to third parties. We may share your data with the following categories of service providers who assist us in operating the Service:

• Database & Authentication: Supabase — stores your account data, test configurations, and execution results with row-level security
• Payment Processing: Our payment processor handles subscription billing and payment transactions securely
• AI Processing: Anthropic — processes test step interpretation and insight generation. Test content is sent to their API for processing but is not used to train their models
• Hosting & Infrastructure: Vercel — hosts the web application and serves content globally
• Job Processing: Trigger.dev — executes long-running test automation jobs in isolated environments

We may also disclose your information if required by law, court order, or governmental regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you with the Service. If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal, regulatory, or legitimate business purposes (such as resolving disputes or enforcing our agreements).

Test execution data, including screenshots and run results, is retained for the duration of your subscription. You may delete individual projects or flows at any time, which will also remove their associated run data.

7. Your Rights

7.1 Rights Under GDPR (EEA, UK, Switzerland)

If you are located in the EEA, UK, or Switzerland, you have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete personal data
• Right to Erasure: Request deletion of your personal data under certain conditions
• Right to Restriction: Request that we limit the processing of your personal data
• Right to Data Portability: Receive your personal data in a structured, commonly used, machine-readable format
• Right to Object: Object to the processing of your personal data for certain purposes
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

7.2 Rights Under CCPA (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with the following rights:

• Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you
• Right to Delete: Request deletion of personal information we have collected from you
• Right to Opt-Out: Opt out of the sale of your personal information. Note: we do not sell personal information
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights

To exercise any of these rights, please contact us at contact@qwarm.com. We will respond to your request within 30 days.

8. Cookies & Tracking Technologies

We use cookies and similar technologies to maintain your session, remember your preferences, and understand how you use the Service. The types of cookies we use include:

• Essential Cookies: Required for the Service to function properly, including authentication tokens and session management. These cannot be disabled.
• Analytics Cookies: Help us understand usage patterns and improve the Service. You may opt out of these through your browser settings.

You can control cookies through your browser settings. Disabling essential cookies may prevent you from using certain features of the Service.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your jurisdiction. When we transfer data internationally, we implement appropriate safeguards to ensure your personal data remains protected, including Standard Contractual Clauses approved by the European Commission where applicable.

10. Security Measures

We implement industry-standard security measures to protect your personal data, including encryption of sensitive data at rest (AES-256-GCM) and in transit (TLS), row-level security policies on our database, secure authentication mechanisms, and regular security reviews. However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee its absolute security.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date. For significant changes, we may also send you a notification via email. Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Qwarm
Email: team@qwarm.ai