Privacy Policy

Last updated: May 16, 2026

This Privacy Policy describes how Assertify ("we", "our", or "us") collects, uses, and shares information about you when you use our website (assertify.co), our web application (app.assertify.co), and related services (collectively, the "Service"). By using the Service, you agree to this Policy.

1. Information We Collect

Information you provide directly

• Account information. When you sign up, we collect your email address, name, and (if you set one) a password. If you sign in with Google or GitHub, we receive your email, name, and profile photo URL from that provider.
• Workspace and test content. Projects, folders, test definitions, suites, and any text you type into our app.
• Run artifacts. When you execute a test, we store screenshots, video recordings, and structured logs of the run.
• Communications. Anything you send us via support email or contact forms.

Information collected automatically

• Usage data. Pages visited, features used, approximate session duration. Used to improve the product.
• Device data. Browser type, OS, IP address, timestamps. Used for security and abuse prevention.
• Cookies and similar. Strictly-necessary cookies for session management (Firebase Authentication). We do not use advertising cookies.

2. How We Use Your Information

• To provide, maintain, and improve the Service.
• To authenticate you and secure your account.
• To execute your test runs and store the artifacts those runs produce.
• To send transactional emails (invites, password resets, account notifications).
• To respond to your support requests.
• To detect, investigate, and prevent fraud, abuse, or violations of our Terms of Service.
• To comply with legal obligations.

We do not sell your personal information, and we do not use your test content to train AI models.

3. How We Share Your Information

We share data only with the third-party processors that power the Service:

• Google Firebase (Authentication, Firestore, Cloud Storage, Hosting, Cloud Run). Subject to Google's Firebase data processing terms.
• Google Cloud Platform (compute, networking). Subject to Google Cloud's standard data processing addendum.
• Stripe (payment processing — paid plans only). We never store your full card details; Stripe handles them directly.
• Anthropic (the optional AI agent feature, if you enable it). Prompts you submit through the Agent tab are sent to Anthropic's API. We do not share your test content with Anthropic unless you explicitly include it in a prompt.

We may disclose information when legally compelled (subpoena, court order), to enforce our Terms, or to protect rights, property, or safety. We will notify you of any such request unless legally prohibited.

4. Data Retention

• Active accounts. We retain your data for as long as your account is active.
• Deleted accounts. Within 30 days of account deletion we permanently delete your workspace data, with the exception of records we are required to retain for legal, tax, or fraud-prevention reasons.
• Run artifacts on the Free tier. Older runs may be auto-pruned to make room for newer ones.
• Backups. Encrypted backups may persist for up to 90 days after deletion.

5. Your Rights

Depending on where you live (e.g. EEA, UK, California), you may have the following rights regarding your personal data:

• Access — request a copy of the data we hold about you.
• Correction — ask us to fix inaccurate data.
• Deletion — ask us to delete your data.
• Portability — receive your data in a portable format.
• Restriction or objection — limit or object to certain processing.
• Withdraw consent — for processing based on consent.

To exercise any of these rights, email us at privacy@assertify.co. We respond within 30 days.

6. Security

We use industry-standard safeguards including TLS for data in transit, encryption at rest for data stored in Google Cloud, and least-privilege access controls for our team. No system is perfectly secure; if you discover a vulnerability, please report it to security@assertify.co.

7. International Transfers

Assertify is operated from {{COUNTRY_OF_INCORPORATION}}, and our cloud infrastructure is hosted in the United States and the European Union depending on your region. Where required, we rely on Standard Contractual Clauses approved by the European Commission to safeguard transfers of personal data outside the EEA.

8. Children

The Service is not directed to children under 16, and we do not knowingly collect personal information from anyone under 16. If you believe a child has provided us with personal information, please contact us and we'll delete it.

9. Changes to This Policy

We may update this Policy from time to time. Material changes will be communicated by email or via a banner in the Service at least 14 days before they take effect. The "Last updated" date at the top of this page reflects the most recent revision.