Arzaan Consulting ("we", "us") operates the Qualixir platform at app.qualixir.ai. This Privacy Policy explains what data we collect, how we use it, how we store it, and what rights you have. We are committed to protecting your privacy and complying with applicable Canadian privacy legislation, including PIPEDA (Personal Information Protection and Electronic Documents Act).

1. What We Collect

We collect the following categories of information:

• Account information: Your name, email address, and organisation details provided during registration.
• Test data: Documents you upload, test cases, test suites, screenshots captured during test runs, and generated reports.
• Usage data: Test run counts, AI token consumption, cost tracking, feature usage patterns, and storage utilization.
• Payment information: Billing is processed entirely through Stripe. We do not store credit card numbers, CVVs, or full payment card details on our servers. Stripe provides us with a customer ID and subscription status for billing management.

2. How We Use Your Data

We use collected data to:

• Provide the service: Run your tests, generate reports, store your test artifacts, and manage your account.
• Improve AI models: We may use anonymized and aggregated usage patterns (not your raw test data) to improve our AI prompting strategies and platform performance. Your individual test data is never shared with third parties for model training.
• Billing: Process payments, manage subscriptions, and enforce plan limits.
• Support: Respond to your inquiries and troubleshoot issues.

3. Data Storage

Your data is stored using the following infrastructure:

• Database: Supabase Cloud (PostgreSQL). Primary region is US; Canadian hosting is available for customers who require data residency in Canada.
• File storage: Screenshots, uploaded documents, and generated reports are stored in Supabase Storage with server-side encryption at rest.
• Encryption: All data is encrypted at rest (AES-256) and in transit (TLS 1.2+).

4. Third-Party Services

We use the following third-party services to operate Qualixir. Each service receives only the data necessary for its function:

• Supabase — Database, authentication, and file storage.
• Stripe — Payment processing and subscription management.
• Anthropic (Claude) — AI-powered test analysis. Test data (including screenshots and step descriptions) is sent to Anthropic's API for analysis. Anthropic's data handling is governed by their privacy policy. Anthropic does not use API inputs to train their models.
• Vercel — Dashboard hosting and serverless functions.
• Railway — Worker service hosting (browser automation engine).
• Resend — Transactional email delivery (report sharing, notifications).

5. Data Retention

• Active accounts: Your data is retained for as long as your account is active.
• Screenshots: Retained for 30 days by default. This is configurable per project in your settings (you may extend or shorten the retention period).
• Cancelled accounts: Upon cancellation, your data remains available for export for 30 days. After 30 days, all data is permanently and irreversibly deleted from our systems, including backups.

6. Your Rights

Under PIPEDA and applicable privacy laws, you have the right to:

• Access your personal data — view and export all your data at any time through the Qualixir app.
• Correct inaccurate data — update your profile and organisation settings in the app.
• Delete your data — request complete account and data deletion by emailing privacy@qualixir.ai. We will process deletion requests within 30 days.
• Export your data — download your test cases, reports, and other data through the platform at any time.

7. Cookies

Qualixir uses a single essential cookie: the Supabase authentication session cookie. This cookie is necessary for maintaining your logged-in state and cannot be disabled while using the platform. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

8. Children

Qualixir is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will delete that data promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email at least 30 days before they take effect. The "Last updated" date at the top of this page indicates the most recent revision.

10. Contact

If you have questions or concerns about your privacy or this policy, please contact us:

• Privacy inquiries: privacy@qualixir.ai
• General support: support@qualixir.ai
• Company: Arzaan Consulting, Calgary, Alberta, Canada