Privacy Policy

Effective Date: January 1, 2026 | Last Updated: January 15, 2026

1. Information We Collect

Account Information

When you create an account with Ai2QA, we collect:

• Email address
• Name
• Organization name (optional)
• Authentication data via Clerk (our identity provider)

Test Run Data

When you use Ai2QA to run tests, we collect:

• Target URLs you submit for testing
• Test goals and configurations
• Screenshots and DOM snapshots of tested pages
• Test results and execution logs

Payment Information

Payment processing is handled by Stripe. SameThoughts, Inc. does not store credit card numbers or sensitive payment details directly.

2. How We Use Your Information

We use the information we collect to:

• Provide and improve the Ai2QA service
• Process credit purchases and payments
• Send test completion notifications and reports
• Provide customer support
• Detect and prevent fraud or abuse

3. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to operate and improve our Service. The types of cookies we use include:

• Essential Cookies: Required for authentication, security, and core functionality. These cannot be disabled.
• Analytics Cookies: Help us understand how visitors interact with our Service (via PostHog). You may opt out of these.
• Preference Cookies: Remember your settings and preferences for a better experience.

Most web browsers allow you to control cookies through their settings. However, disabling certain cookies may limit your ability to use some features of our Service.

4. Artificial Intelligence and Machine Learning

Ai2QA uses third-party AI services (such as Google Gemini) to power our autonomous testing capabilities. Regarding AI and your data:

• We do not use your data to train AI models. Your test plans, screenshots, and results are not used to train, improve, or fine-tune any machine learning models.
• AI processing is performed in real-time solely to execute your test runs.
• Test plan content is discarded immediately after analysis and is not stored for AI training purposes.
• We use commercially available AI APIs under their enterprise terms, which prohibit using customer data for model training.

5. Data Retention

Test artifacts (screenshots, reports, DOM snapshots) are automatically deleted after 90 days by default. Account information is retained for the duration of your account. You may request earlier deletion of your data by contacting us at legal@ai2qa.com.

6. Data Security

We implement industry-standard security measures to protect your data:

• All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
• Multi-tenant isolation prevents cross-tenant data access
• Regular security audits and penetration testing
• Infrastructure hosted on Google Cloud Platform with SOC 2 compliance

7. Third-Party Services and Subprocessors

Ai2QA uses the following third-party services ("Subprocessors") to provide our Service:

• Clerk (USA) - Authentication and identity management
• Stripe (USA) - Payment processing
• Google Cloud Platform (USA) - Infrastructure, storage, and AI services
• PostHog (USA/EU) - Product analytics and usage tracking

Each Subprocessor is contractually obligated to protect your data in accordance with applicable data protection laws. We maintain an up-to-date list of Subprocessors and will notify customers of any changes.

8. Data Processing Addendum (DPA)

For enterprise customers who require a Data Processing Addendum to comply with GDPR or other data protection regulations, please contact us at legal@ai2qa.com. Our DPA includes Standard Contractual Clauses (SCCs) approved by the European Commission for international data transfers.

9. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Request correction or deletion of your data
• Export your data in a portable format
• Restrict or object to certain processing activities
• Withdraw consent where processing is based on consent
• Lodge a complaint with a supervisory authority
• Opt out of marketing communications

To exercise any of these rights, contact us at legal@ai2qa.com. We will respond to your request within 30 days.

10. California Privacy Rights (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including:

• The right to know what personal information is collected and how it is used
• The right to request deletion of personal information
• The right to opt out of the sale or sharing of personal information
• The right to non-discrimination for exercising your privacy rights

We do not sell your personal information. To exercise your California privacy rights, contact us at legal@ai2qa.com.

11. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR), including:

• Right of access to your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing

Our legal basis for processing your personal data includes: (a) performance of a contract, (b) legitimate interests, (c) compliance with legal obligations, and (d) your consent where applicable.

12. International Data Transfers

Your data may be processed in the United States, where our servers and Subprocessors are located. For transfers of personal data from the EEA, UK, or Switzerland to the United States, we rely on:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• The EU-U.S. Data Privacy Framework, where applicable
• Other lawful transfer mechanisms as required

By using Ai2QA, you acknowledge and consent to the transfer of your data to the United States in accordance with these safeguards.

13. Children's Privacy

Ai2QA is not intended for use by children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information promptly. If you believe we have collected information from a child under 16, please contact us at legal@ai2qa.com.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page, updating the "Last Updated" date, and, where required by law, sending you an email notification. Your continued use of the Service after such changes constitutes your acceptance of the updated policy.

15. Contact Information

For any questions regarding this Privacy Policy, or to exercise your privacy rights, please contact us at: