Privacy Policy

Effective Date: April 27, 2026

Gumptious Enterprises, LLC, a Delaware limited liability company ("Company," "we," "us," or "our"), respects your privacy and is committed to protecting the personal information you share with us while using the Testees platform ("Service").

This Privacy Policy explains how we collect, use, disclose, and safeguard your information. By using the Service, you agree to the collection and use of information in accordance with this Policy.

1. Information We Collect

A. Personal Information: When you register for an account, we may collect personally identifiable information, including but not limited to your name, email address, company name, and billing details (processed securely by our payment partners).

B. Application & Testing Data: The core function of Testees involves interacting with the web applications you authorize us to test. We collect and store data generated during these automated sessions, which may include:

  • URLs and DOM structures of your targeted applications.
  • Screenshots, video recordings, and Playwright execution traces.
  • Console logs, network requests, and system performance metrics.
  • AI-generated test scripts, assertions, and conversational prompts.

C. Usage Data: We automatically collect diagnostic data regarding how the Service is accessed and used, including your IP address, browser type, time spent on pages, and diagnostic telemetry to ensure platform stability.

2. How We Use Your Information

We use the collected data strictly for the following purposes:

  • Service Delivery: To execute autonomous testing, generate reports, and present visual artifacts within your dashboard.
  • AI Improvement: We may use anonymized, aggregated testing heuristics to train and improve the performance of our underlying AI models. We will never use your sensitive proprietary application data or Personally Identifiable Information (PII) to train public AI models.
  • Security and Compliance: To monitor for unauthorized scraping, investigate potential violations of our Terms of Service, and protect the integrity of our infrastructure.
  • Communication: To send you transactional emails, billing alerts, and critical system updates.

3. Data Sharing and Third-Party Subprocessors

We do not sell, rent, or trade your personal information. We may share your data with trusted third-party service providers (subprocessors) solely to facilitate our Service. These include:

  • Cloud Infrastructure: AWS, Vercel, or similar providers for hosting and database management.
  • AI Partners: Google (Gemini) or OpenAI for processing natural language prompts and visual reasoning. Note: Prompts sent to our enterprise AI partners are bound by zero-data-retention agreements for model training.
  • Payment Processors: Stripe for secure billing processing. We do not store your full credit card information on our servers.
  • Background Orchestration: Trigger.dev for executing cloud-based tasks.

We reserve the right to disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency), particularly in cases involving unauthorized penetration testing of third-party systems.

4. Data Retention and Deletion

We retain your Personal Information only for as long as is necessary for the purposes set out in this Policy. Testing artifacts (screenshots, traces, videos) are automatically purged based on your subscription tier's retention limits (e.g., 7 days, 30 days, or 90 days).

You may request the complete deletion of your account and associated data at any time by contacting our support team or utilizing the account settings panel. Upon deletion, data may remain in encrypted backup archives for up to 30 days before being permanently destroyed.

5. User Responsibility for Sensitive Data

As a testing platform, the Service will record whatever is visible on the screens of the applications you point it to. You are strictly prohibited from exposing the Service to highly sensitive live production data, including Protected Health Information (PHI), primary account numbers (PAN), or unredacted consumer PII. We accept no liability for the exposure of sensitive data that you voluntarily or inadvertently instruct the Service to record. You agree to utilize mock data, staging environments, or adequate redaction techniques during testing.

6. Security Measures

The security of your data is important to us. We implement industry-standard security measures, including encryption in transit (TLS) and at rest (AES-256), strict access controls, and regular vulnerability scanning. However, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee its absolute security and cannot be held liable for breaches beyond our reasonable control.

7. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Gumptious Enterprises, LLC
Email: privacy@gumptious.io