Privacy Policy
1. Who we are
Argus QA ("Argus", "we", "us") is operated by GlobalNodes Technologies. Contact us at privacy@globalnodes.ai for any privacy questions. Our data protection point of contact is the same address.
2. Information we collect
2.1 Account information (from Google sign-in)
- Name, email address, and profile picture from your Google account
- Google account ID (used only to link your Argus account to your Google identity)
2.2 Content you create and submit
- Test requirements and instructions you type in the chat
- Uploaded PDF, DOCX, or text files used for manual test case generation
- URLs of the applications you generate tests against
- Login credentials you save in the Saved Logins vault (encrypted at rest with AES-256; passwords are never returned in plaintext after save)
- Test cases, generated Playwright specs, test runs, and their results
2.3 Usage and technical data
- Feature usage events (page views, test generation, test runs) via Google Analytics 4
- Server-side logs (request paths, status codes, response times) for debugging and abuse prevention
- Failure signals from generated tests, used to improve the generator (never contains your credentials or personal data — only the test code, error type, and failing selector)
2.4 Billing information
Payment processing is handled by Stripe. We store only the Stripe customer ID and subscription status. Card numbers, CVVs, and billing addresses are stored by Stripe, not by us.
3. How we use your data
- Run the product. Generate tests from your requirements, execute them against your target URLs, store results, run the Playwright automation.
- Send tests to Anthropic Claude. Your requirements, URLs, and page structure analyses are sent to the Anthropic Claude API for LLM-based generation. Anthropic's API terms do not use this data for training.
- Bill you. Track usage against your subscription plan; hand off to Stripe for payment.
- Improve the generator. Aggregate anonymous failure signals to identify anti-patterns and improve the prompt and lint rules over time. Individual generated code snippets may be reviewed by our engineering team when debugging quality issues.
- Prevent abuse. Rate-limit usage, detect malicious targets, refuse SSRF-vulnerable inputs.
- Communicate with you. Send transactional emails about your account (verification, billing, plan changes). We do not send marketing emails without explicit opt-in.
4. Who we share your data with
We share data only with the following processors, and only what each needs to perform its function:
- Anthropic (Claude API): receives your test requirements and page-analysis payloads to generate test code. Anthropic Privacy Policy.
- Google (OAuth + Analytics): handles authentication; receives anonymous usage events. Google Privacy Policy.
- Stripe (payments): handles all card data; receives your customer identifier. Stripe Privacy Policy.
- Amazon Web Services (hosting): runs our servers and stores our data (Firestore, S3, EKS in us-east-1). AWS Privacy Policy.
- Google Cloud Platform (Firestore): our primary database. GCP Privacy Notice.
We do not sell, rent, or trade your data. We do not share your data with advertising networks.
5. How long we keep it
- Account data: until you delete your account.
- Generated tests, sessions, and manual case runs: until you delete them or your account.
- Saved logins (encrypted): until you delete them.
- Test execution artifacts (screenshots, videos, traces): 90 days.
- Server logs: 30 days.
- Aggregate failure statistics: retained indefinitely in de-identified form (no user_id, no full URLs, only pattern shapes).
- Billing records: 7 years (statutory requirement).
6. Your rights (GDPR, CCPA, and similar)
If you are in the EEA, UK, California, or another jurisdiction with data-protection law, you have the right to:
- Access your personal data
- Correct inaccurate data
- Delete your data ("right to erasure")
- Export your data in a portable format
- Object to processing based on legitimate interests
- Withdraw consent where processing is based on consent
To exercise any of these rights, email privacy@globalnodes.ai. We respond within 30 days. You also have the right to file a complaint with your local data protection authority.
7. Security
We encrypt data in transit (TLS 1.2+) and passwords + saved login credentials at rest (AES-256 via Fernet). Access to production systems is limited to a small number of engineers and requires short-lived credentials. We do not have a formal SOC 2 certification yet; achieving it is on our roadmap. If you discover a security issue, please email security@globalnodes.ai (see also our security.txt).
8. Cookies and tracking
We use a small number of cookies for authentication (JWT token, kept only in localStorage — not in third-party cookies). We use Google Analytics 4 to understand product usage; GA sets its own cookies. We do not use advertising cookies or cross-site tracking pixels. If you have Do Not Track enabled, we still send analytics events by default; contact us if you want your account excluded.
9. Children
Argus is not intended for anyone under 16. We do not knowingly collect information from children under 16. If you believe we have inadvertently collected such data, contact us and we will delete it.
10. Changes to this policy
When we make material changes we will notify users via email or an in-app banner at least 14 days before the changes take effect. The "Last updated" date at the top of this page always reflects the current version.
11. Governing law
This policy is governed by the laws of India, without regard to conflict-of-laws principles. Disputes will be resolved in the courts of Bengaluru, India.