Mechasmmechasm logoMechasmbeta

Privacy Policy

Last updated: 1/1/2026

1. Introduction

Mechasm ("we," "us," or "our") operates an AI-powered automated testing platform. We respect your privacy and are committed to protecting your personal data. This privacy policy informs you about how we look after your personal data when you visit our website or use our services and tells you about your privacy rights and how the law protects you.

2. Data We Collect

We may collect, use, store, and transfer different kinds of personal data about you, which we have grouped as follows:

  • Identity Data: Name, email address, and profile images (often imported from OAuth providers like Google or GitHub).
  • Contact Data: Email address. (Billing addresses are handled securely by Stripe and not stored on our servers).
  • User Content: Data you generate or upload while using the Service, including test scripts, natural language test descriptions, recorded videos of test runs, screenshots, and test execution reports.
  • Technical Data: Internet Protocol (IP) address, login data, browser type and version, time zone setting, operating system, and platform.
  • Usage Data: Information about how you use our website and services, including button clicks, page views, and feature interaction.
  • Transaction Data: Details about payments to and from you and details of products and services you have purchased (handled securely via Stripe).

3. How We Use Your Data

We use your personal data for the following purposes:

  • To provide and maintain our Service, including generating AI-powered tests.
  • To manage your account and subscription.
  • To communicate with you about updates, security alerts, and support.
  • To prevent fraud and ensure the security of our platform.

4. Use of AI Models

Our Service utilizes advanced Artificial Intelligence (AI) models to generate test scripts and analyze results.

  • Data Sharing: When you request AI generation, your inputs (e.g., test descriptions, HTML snapshots) may be sent to third-party AI providers including Google (Gemini), Groq, and OpenRouter for processing.
  • No Training on Personal Data: We utilize AI providers (such as Google and Groq) whose terms state that they do not use data submitted via their APIs to train their foundational models.
  • Accuracy: AI-generated content is probabilistic. We process this data to provide the Service but do not guarantee 100% accuracy.

5. Disclosure of Your Personal Data

We may share your personal data with the following categories of third parties:

  • Service Providers:
    • Cloudflare & Hetzner: For cloud infrastructure and storage of assets (videos, screenshots).
    • Vercel: For web hosting and edge computing.
    • Aiven: For database hosting.
    • Stripe: For payment processing (we do not store full credit card details).
    • Email Service Providers: For sending transactional emails.
  • Analytics Providers: Google Analytics and Microsoft Clarity (only if you consent via our Cookie banner).
  • AI Providers: Google, Groq, and OpenRouter (as described in Section 4).
  • Legal Requirements: If required by law or to protect our rights.

6. Data Retention

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including satisfying any legal, accounting, or reporting requirements.

  • Account Data: Retained as long as your account is active.
  • Test Assets: Large assets like video recordings of test runs may be deleted after a specific period (e.g., 30-90 days) to manage storage costs, unless otherwise specified in your plan.

7. International Transfers

Our servers and third-party providers are located in both the European Union (approx. 70%) and the United States. If you access the Service from outside these regions, please be aware that your information may be transferred to, stored, and processed in these locations. By using the Service, you consent to this transfer. We rely on Standard Contractual Clauses (SCCs) and Data Processing Agreements (DPAs) with our major providers to ensure GDPR compliance.

8. Your Legal Rights (GDPR & CCPA)

Depending on your location, you may have the following rights:

  • Right to Access: Request a copy of your personal data.
  • Right to Rectification: Request correction of inaccurate data.
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your data.
  • Right to Restriction: Request to limit processing.
  • Right to Portability: Receive your data in a structured format.
  • Right to Object: Object to processing based on legitimate interests.

To exercise these rights, please contact us at [email protected].

9. Children's Privacy

Our Service does not address anyone under the age of 18 ("Children"). We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the 'Last updated' date.

11. Contact Us

If you have questions about this Privacy Policy, please contact us at:
Email: [email protected]