Privacy Policy

Effective: 2026-05-26

Who we are

TestMyVibes ("TMV", "we", "us") is a QA-as-a-service platform operated by Samia Harris Enterprises, Inc., a company organized in Canada, contactable at support@testmyvibes.com.

What we collect

• Account data: email, name, password hash (bcrypt), profile slug, timezone, role.
• Billing data: Stripe customer ID + payment metadata (Stripe stores card details — we never see them).
• Test submission data: URLs you ask us to test, descriptions, AI agent screenshots + action trails + console errors + failed network requests captured during your tests. Retained 30 days.
• API + MCP usage: request logs (keyed by API key), counts, errors.
• Cookies: session cookie (auth) + optional analytics cookies (you opt in via the consent banner).

How we use it

• Run the QA tests you request and deliver results.
• Bill you per test (or recognize the internal-use bypass when applicable).
• Operate + improve the service: error logs, performance monitoring, fraud + abuse detection.
• Email you transactional notifications (test complete, low credits, weekly summaries). You can opt out of non-essential email in account settings.

Who we share it with

• Stripe (payment processing) — see stripe.com/privacy.
• OpenAI (the AI vision agent's calls) — see openai.com/privacy. We do not send personally identifiable information from your test inputs to OpenAI; only the URL and the agent's screenshot of the customer site.
• DigitalOcean Spaces (file storage for screenshots).
• Mailgun (transactional email delivery).
• Telnyx (only when you opt into the SMS-throwaway feature, for that specific test's number rental).
• Law enforcement, when legally required.

We never sell or rent personal data. We never share customer test submissions with any third party except as required to deliver the test.

Your rights (GDPR / CCPA / PIPEDA)

You can request access to, correction of, or deletion of your data at any time by emailing privacy@testmyvibes.com. We respond within 30 days. EU + UK residents have additional rights under GDPR; California residents have CCPA/CPRA rights; Canadian residents have PIPEDA rights. We honor all of them.

Retention

• AI test screenshots: 30 days, then auto-deleted by a background sweep.
• Account + billing records: retained while your account is active + 7 years after closure (tax + legal compliance).
• Test reports + bug lists: kept while account is active, available for export.
• Kept-alive test personas (Repeat Test feature): 30 days from last use; auto-reaped.

Cookies

We use a session cookie (essential, auth) and optional analytics cookies (only if you accept via the banner). No third-party advertising cookies.

International transfers

Our servers are in DigitalOcean's NYC region. EU + UK data is processed under Standard Contractual Clauses.

Changes to this policy

We'll notify you by email of material changes at least 30 days before they take effect.

Contact

privacy@testmyvibes.com · Support