Introduction
ValiqAI ("we", "us", "our") operates the ValiqAI web application quality scanning platform. This Privacy Policy explains what information we collect, how we use it, who we share it with, and what rights you have regarding your data.
By using ValiqAI, you agree to the collection and use of information as described in this policy. If you do not agree with any part of this policy, please do not use our service.
Information We Collect
We collect several types of information to provide and improve our service.
Account Information
When you create an account, we collect:
- •Your email address (required for account creation and communication)
- •Your name or display name (to personalize your experience)
- •Password (stored in hashed form, we cannot see your actual password)
- •Profile photo (if you choose to upload one or use OAuth)
OAuth and Third-Party Sign-In
If you sign in using Google or GitHub, we receive:
- •Your email address from the OAuth provider
- •Your name as registered with the OAuth provider
- •Your profile picture URL (if available)
- •A unique identifier from the OAuth provider to link your account
We do not receive or store your password from these providers. We only request basic profile information needed to create your account.
Profile and Preferences
You may optionally provide additional information:
- •Job title and company name
- •Your role (QA Engineer, Developer, etc.)
- •Use case preferences (what you want to achieve with ValiqAI)
- •Theme preferences (light or dark mode)
- •Notification settings
Organization Information
If you create or join an organization, we collect:
- •Organization name
- •Billing email address (for paid plans)
- •Team member email addresses (when you invite others)
- •Integration tokens (for Slack, Jira, etc., stored encrypted)
Scan Data
When you run scans, we collect and store:
- •URLs you submit for scanning
- •Scan results, findings, and screenshots
- •Console logs and network requests from scanned pages
- •Scan configuration and settings you choose
- •Test credentials you provide (stored encrypted, used only for your scans)
Important: Test credentials are encrypted at rest and in transit. They are only used to authenticate during your scans and are never exposed in logs or to third parties.
Payment Information
We use Stripe to process payments. When you subscribe to a paid plan, Stripe collects and stores your payment card details. We do not store your full card number on our servers. We only store:
- •Your Stripe customer ID (to link your ValiqAI account to your Stripe account)
- •Your subscription ID and status
- •Last four digits of your card (for display purposes only)
Usage and Analytics Data
We automatically collect certain information when you use ValiqAI:
- •Pages you visit and features you use
- •Time spent on the platform
- •Browser type and version
- •Device type and operating system
- •IP address (used for security and approximate location)
- •Referral source (how you found us)
You can opt out of non-essential analytics tracking via the cookie consent banner when you first visit our site.
Error and Performance Data
We use Sentry to track errors and improve application stability. When an error occurs, Sentry may collect:
- •Error messages and stack traces
- •Browser and device information
- •Session replay data (to help us see what led to an error)
How We Use Your Information
We use the information we collect for the following purposes:
- •Provide the service: Run scans, generate reports, and deliver the core functionality of ValiqAI.
- •Account management: Create and maintain your account, authenticate your sessions, and manage your subscriptions.
- •Communication: Send you important updates about your account, scan results, service changes, and security alerts.
- •Improvement: Analyze usage patterns to improve features, fix bugs, and make the product better.
- •Security: Detect and prevent fraud, abuse, and unauthorized access to our systems.
- •Legal compliance: Meet our legal obligations and respond to lawful requests from authorities.
Who We Share Your Information With
We do not sell your personal information. We share information only in these situations:
Service Providers
We use third-party services to operate ValiqAI. These providers only have access to the information they need to perform their services and are bound by confidentiality agreements.
- •Stripe: Payment processing
- •Sentry: Error tracking and monitoring
- •Anthropic & OpenAI: AI model inference used to analyze scans
- •Cloud hosting providers: Data storage and infrastructure
- •Email service providers: Transactional emails
AI Processing
ValiqAI uses third-party AI providers (Anthropic and OpenAI) to power its scans. When you run a scan, content from the pages being scanned, such as page text, screenshots, and technical metadata, may be sent to these providers to analyze the target and generate results. These providers process this data only to return a response to us, and under their API terms they do not use it to train their models. The full list of providers is on our Subprocessors page.
Your Organization
If you are part of an organization on ValiqAI, other members of that organization with appropriate permissions may see your scan history, results, and activity within the organization.
Integrations You Enable
If you connect integrations (Slack, Jira, GitHub, etc.), we share relevant scan data with those services as you configure. You control which integrations are enabled and what data is shared.
Legal Requirements
We may disclose your information if required by law, subpoena, court order, or other legal process. We may also disclose information if we believe it is necessary to protect the rights, property, or safety of ValiqAI, our users, or the public.
Business Transfers
If ValiqAI is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email or a prominent notice on our website before your information is transferred and becomes subject to a different privacy policy.
Data Retention
We retain your information for as long as your account is active or as needed to provide you services. Specific retention periods:
- •Account data: Retained until you delete your account
- •Scan history (Free tier): 7 days
- •Scan history (Paid plans): 90 days to unlimited, depending on plan
- •Billing records: 7 years (for tax and legal compliance)
- •Analytics data: Aggregated data may be retained indefinitely; personally identifiable analytics data is deleted after 2 years
Your Rights
Depending on where you live, you may have certain rights regarding your personal information:
Access and Portability
You can request a copy of the personal data we hold about you. We provide a data export feature in your account settings that lets you download your data in a machine-readable format.
Correction
You can update most of your personal information directly in your account settings. If you need help correcting other information, contact us.
Deletion
You can delete your account at any time from your account settings. When you delete your account, we delete your personal information within 30 days. Some information may be retained longer for legal compliance or to resolve disputes.
Opt-Out of Analytics
You can opt out of analytics tracking by declining cookies when first visiting our site, or by clearing your browser data and declining cookies on your next visit.
Do Not Sell (California Residents)
We do not sell personal information. If you are a California resident and want to exercise rights under the CCPA, contact us at abhi@valiqai.com.
For Users in the European Union
If you are in the EU, the General Data Protection Regulation (GDPR) gives you additional rights:
- •Legal basis: We process your data based on your consent (for optional features), contract performance (to provide the service you signed up for), and legitimate interests (to improve our service and prevent fraud).
- •Data transfers: Your data may be transferred to and processed in the United States, where our servers are located. We use standard contractual clauses approved by the European Commission to protect data transferred outside the EU.
- •Right to object: You can object to processing based on legitimate interests at any time.
- •Right to complain: You have the right to lodge a complaint with your local data protection authority.
For California Residents (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act (as amended by the CPRA) gives you specific rights regarding your personal information. In the past 12 months we collect the categories of personal information described in "Information We Collect" above, such as identifiers (name, email), account and billing information, and internet/usage activity, for the business purposes described in this policy.
Right to know
You can request the categories and specific pieces of personal information we have collected, the sources, the business purpose, and the categories of third parties we share it with.
Right to delete & correct
You can request that we delete personal information we collected from you, or correct inaccurate personal information, subject to certain legal exceptions.
Right to opt out of sale/sharing
We do not sell your personal information, and we do not share it for cross-context behavioral advertising. Because we do not do either, there is nothing to opt out of, but this remains your right if that ever changes.
Right to non-discrimination
We will not discriminate against you for exercising any of your CCPA/CPRA rights.
To exercise any of these rights, email us at abhi@valiqai.com. We will verify your request using your account information and respond within the timeframe required by law. You may use an authorized agent to submit a request on your behalf.
Security
We take the security of your information seriously. Measures we use include:
- •All data transmitted over HTTPS (TLS encryption)
- •Passwords hashed using industry-standard algorithms
- •Sensitive data (credentials, tokens) encrypted at rest
- •Regular security audits and vulnerability assessments
- •Access controls and authentication for internal systems
- •Employee training on data handling and security practices
No system is 100% secure. If you discover a security vulnerability, please report it to abhi@valiqai.com.
Children's Privacy
ValiqAI is not intended for children under 13 years old. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at abhi@valiqai.com and we will delete that information.
Changes to This Policy
We may update this Privacy Policy from time to time. If we make significant changes, we will notify you by email or by posting a notice on our website. Your continued use of ValiqAI after changes are posted means you accept the updated policy. We encourage you to review this policy periodically.
Contact Us
If you have questions about this Privacy Policy or how we handle your data, contact us at abhi@valiqai.com.
