Privacy Policy
Effective: August 11, 2025
1) What we collect
A. Data you provide
Identity & contact. Name, email address, and similar identifiers when you sign up, request access, or communicate with us.
Account & authentication. Credentials, team/workspace details, role, and settings.
Billing. Payment method, billing address, and transaction details (processed by our payment processor).
Customer content. Inputs you provide to the Services (e.g., test plans, prompts, URLs, credentials for test accounts, configuration files) and outputs the Services generate (e.g., run results, logs, screenshots, recordings, error traces, artifacts).
Support & feedback. Messages, attachments, ratings, surveys, and feature requests.
B. Data collected automatically
Usage data. Timestamps, pages viewed, buttons clicked, referring/exit pages, session duration, feature adoption, and similar telemetry.
Device & network. IP address (which may infer approximate location), browser/OS type and version, device identifiers, time zone, language, ISP.
Logs & diagnostics. System and application logs, crash reports, performance metrics, and error context to help us troubleshoot and secure the Services.
Cookies & similar tech. Cookies, local storage, and SDKs to run the site, keep you signed in, remember preferences, analyze usage, and measure campaigns. You can manage cookies via your browser settings and applicable consent tools. We honor Global Privacy Control (GPC) signals where required.
C. Data from third parties
Integrations. If you connect third-party services (e.g., SSO, issue trackers, CI/CD), we receive data those providers share per your configuration.
Vendors & partners. Basic business contact info, fraud signals, and analytics from service providers.
Public sources. Business contact information and public website data relevant to operating and improving the Services.
2) How we use data
We use personal data to:
Provide the Services. Operate, maintain, and deliver features, including running test agents, collecting results, and enabling integrations.
Secure & prevent abuse. Detect, investigate, and mitigate fraud, security incidents, spam, and violations of our policies.
Support & communicate. Respond to requests, send service-related notices, and provide onboarding and troubleshooting.
Billing & administration. Process payments, manage subscriptions, and handle account changes.
Improve & research. Measure performance and reliability, debug issues, and develop new features and quality improvements.
Comply with law & enforce terms. Satisfy legal obligations and enforce our agreements, including our Terms of Service and Usage Policy.
Model training and your content
We do not use your Customer Content (inputs, app data, logs, screenshots, recordings, test outputs) to train foundation models unless you explicitly opt in or submit content as feedback for that purpose.
We may use aggregated or de-identified telemetry to improve reliability, safety tooling, and product analytics.
If content is flagged for Trust & Safety review (e.g., suspected abuse), we may analyze it to improve detection and enforcement systems.
3) How we share data
We share personal data only as described below:
Affiliates. With Altquid-controlled entities, subject to this Policy.
Service providers. With vetted vendors who host infrastructure, process payments, provide analytics, customer support, security, email delivery, logging, and similar services. They may access personal data only to perform work for us and must protect it.
Integrations you enable. With third-party tools you connect (e.g., ticketing, Slack, CI/CD). Data shared depends on your configuration.
Legal, safety, and rights. To comply with law, respond to lawful requests, protect users and the public, and enforce contracts and policies.
Business transfers. In connection with a merger, acquisition, financing, or sale of assets, subject to continued protection consistent with this Policy.
With consent. When you ask or authorize us to share.
We do not sell personal data. We also do not share personal data for cross-context behavioral advertising where prohibited by law.
We maintain a list of subprocessors upon request at contact@gowanus.ai and will provide notice of material changes as required.
4) Your rights & choices
Depending on your location, you may have rights to access, correct, delete, restrict, object, or port your personal data, and to withdraw consent where processing is based on consent.
Requests. Email contact@gowanus.ai. We may need to verify your identity and we will respond consistent with applicable law.
Marketing. You can opt out of marketing emails via unsubscribe links.
Cookies. Manage cookies in your browser and via consent banners where applicable.
GPC. We honor Global Privacy Control signals as required.
Appeals. If we deny a request, you may appeal by replying to our decision email.
When we act as a processor for a business customer, we will direct you to that customer to exercise your rights.
5) International data transfers
We are a U.S. company. We may transfer, store, and process personal data in the United States and other countries where we or our service providers operate.
Where required, we use appropriate safeguards such as Standard Contractual Clauses (SCCs) and comparable transfer mechanisms, and we implement technical and organizational measures to protect transferred data.
6) Retention & deletion
We retain personal data for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods vary by data type and use case.
When data is no longer needed, we delete, de-identify, or aggregate it. You can request deletion of your account data at contact@gowanus.ai (subject to legal or contractual retention requirements).
7) Security
We implement administrative, technical, and physical safeguards designed to protect personal data, including access controls, encryption in transit, network segregation, logging/monitoring, vulnerability management, and regular backups. No method of transmission or storage is perfectly secure; we work to continuously improve our defenses.
8) Children
The Services are not directed to children under 18, and we do not knowingly collect personal data from them. If you believe a child has provided personal data to us, contact contact@gowanus.ai and we will take appropriate steps to delete it.
9) Changes to this Policy
We may update this Policy from time to time. If we make material changes, we will take appropriate steps to notify you (e.g., by posting an update in the app or on our website) and update the “Effective” date above. Your continued use of the Services after changes take effect constitutes acceptance of the updated Policy.
10) Legal bases for processing (EEA/UK/Switzerland)
When applicable law requires a legal basis, we rely on the following:
Purpose | Categories | Legal Basis |
|---|---|---|
Provide and operate the Services | Identity & contact; Account; Customer content; Usage; Device/Network; Billing | Contract; Legitimate interests (to deliver and improve core functionality) |
Billing and payments | Identity & contact; Billing | Contract; Legal obligation |
Security, fraud prevention, and abuse detection | Identity & contact; Usage; Device/Network; Logs/Diagnostics; Customer content (if implicated) | Legitimate interests; Legal obligation |
Support and communications | Identity & contact; Support & feedback; Usage | Contract; Legitimate interests; Consent (where required) |
Product improvement and research (excluding model training on Customer Content) | Usage; Device/Network; Logs/Diagnostics; Support & feedback | Legitimate interests |
Trust & Safety review and policy enforcement | Relevant categories necessary to investigate | Legitimate interests; Legal obligation |
Marketing communications | Identity & contact; Usage | Consent (where required); Legitimate interests (B2B direct marketing permitted by law) |
Compliance and legal requests | Relevant categories | Legal obligation; Legitimate interests |
11) Supplemental disclosures for Canada
Consent. We collect, use, and disclose personal data with your consent or as otherwise permitted by law. Consent may be express or implied depending on context and sensitivity. You may withdraw consent, subject to legal/contractual limits and reasonable notice.
Cross-border transfers. Personal data may be transferred to and processed in other jurisdictions (including the U.S.) where laws may differ. In such cases, local authorities may access data per applicable law.
Rights & inquiries. To access, correct, or delete your personal data, or for questions or complaints, email contact@gowanus.ai.
12) Supplemental disclosures for Brazil (LGPD)
Legal bases. Depending on context, we may process data under bases such as consent, contract performance, compliance with legal obligations, legitimate interests (balanced against your rights), or exercise of rights in judicial, administrative, or arbitration procedures.
Data subject rights. You may request: confirmation of processing; access; correction; anonymization, blocking, or deletion of unnecessary/excessive/non-compliant data; portability; information on public and private entities with which we share data; information on the possibility of denying consent and the consequences; withdrawal of consent; and review of decisions made solely by automated processing where applicable.
International transfers. We use mechanisms permitted by law (e.g., SCCs approved by ANPD where applicable) for cross-border transfers.
Requests. Submit LGPD requests to contact@gowanus.ai.
13) Contact
For any privacy questions, requests, or complaints, email contact@gowanus.ai.
Altquid, Inc. is the controller for personal data processed under this Policy unless otherwise stated in a customer agreement.
14) Additional notes
Automated decision-making. We do not engage in solely automated decisions that produce legal or similarly significant effects without appropriate human review where required by law.
Do Not Track. Our Services do not currently respond to “Do Not Track” signals; we do honor GPC where required.
Processor role. When we process personal data on behalf of a business customer, we do so under their instructions and our data processing terms. In those cases, please contact the customer to exercise your rights.