Privacy Policy
Last updated: 13 March 2025
This Privacy Policy explains how PersonaQA (“we”, “us”, “our”) collects, uses, stores and protects your information when you use our website and services at personaqa.com.
For the purposes of UK GDPR and the Data Protection Act 2018, PersonaQA is the data controller responsible for your personal data. For full company details, please see our Terms of Service.
1. Information We Collect
1.1 Information You Provide
When you register for an account, subscribe to a plan, or contact us, we may collect:
- Account information: your name, email address, and password (or authentication token when signing in via Google OAuth).
- Billing information: payment card details and billing address. These are collected and processed directly by our payment processor, Stripe, Inc. We do not store full card numbers on our servers.
- Domains & URLs: the website addresses you submit for testing.
- Communication data: any messages, feedback, or support requests you send us.
- Access codes: pre-launch or promotional codes you redeem.
1.2 Information Collected Automatically
When you use our website or services we automatically collect:
- Device & browser data: IP address, browser type and version, operating system, screen resolution, and language preferences.
- Usage data: pages visited, features used, test runs started, timestamps, referral URLs, and click patterns.
- Cookies & similar technologies: see Section 8 for full details.
1.3 Information Generated by Our Service
When you run a test, our AI-powered personas browse the URLs you specify and generate:
- Page-level feedback, scores and recommendations.
- Screenshots of pages visited during the test run.
- Console logs, HTTP headers and network data captured from the target website.
- Executive summaries and actionable insights produced by our AI models.
This data relates to your website and is stored in your account. It may contain information that is publicly visible on the pages tested.
2. How We Use Your Information
We use the information we collect for the following purposes:
- Service delivery: to create and manage your account, run tests, generate reports, and provide customer support.
- Billing & subscriptions: to process payments, manage subscription tiers, track usage quotas, and send invoices.
- Service improvement: to monitor performance, fix bugs, develop new features, and improve the accuracy of our AI personas.
- Security: to detect, prevent and respond to fraud, abuse, security incidents, and technical issues.
- Communications: to send transactional emails (account verification, password resets, run notifications) and, where you have opted in, product updates and marketing communications.
- Legal compliance: to comply with applicable laws, regulations, or legal processes.
3. Legal Basis for Processing
Where applicable data-protection law requires a legal basis (for example, the UK GDPR or EU GDPR), we rely on the following:
| Basis | Examples |
|---|---|
| Performance of a contract | Creating your account, running tests, processing payments, delivering reports. |
| Legitimate interests | Improving the service, preventing fraud, internal analytics, ensuring network security. |
| Consent | Marketing emails, non-essential cookies, optional analytics. |
| Legal obligation | Tax record-keeping, responding to lawful data-access requests. |
You may withdraw consent at any time by updating your preferences or contacting us.
4. Information Sharing & Third Parties
We do not sell your personal data. We share information only in the following circumstances:
4.1 Service Providers
We use trusted third-party providers to operate our service. These processors act on our instructions and are contractually bound to protect your data:
- Stripe, Inc. — payment processing and subscription management.
- Amazon Web Services (AWS) — cloud hosting, compute, storage, and serverless functions.
- Google — OAuth authentication and (where enabled) analytics.
- OpenAI / Anthropic — large language model (LLM) API calls used to power our AI personas. Prompts may include page content from the URLs you test; they do not include your personal information.
- Email delivery providers — transactional and marketing emails.
4.2 Legal Requirements
We may disclose your information if required by law, regulation, legal process, or governmental request, or where necessary to protect our rights, safety, or property.
4.3 Business Transfers
If PersonaQA is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.
5. AI Processing & Automated Decision-Making
PersonaQA uses artificial intelligence and large language models to:
- Simulate user journeys on the websites you test.
- Generate per-page feedback, scores, and recommendations.
- Produce executive summaries and actionable insights.
These outputs are generated from publicly accessible content on the URLs you provide. Our AI does not make decisions that produce legal effects or similarly significant effects on you as an individual. AI-generated reports are informational tools intended to assist your own decision-making.
Content from your tested pages may be sent to third-party LLM providers (see Section 4.1) as part of API calls. We do not use your test data to train or fine-tune any AI models.
6. Data Security
We implement appropriate technical and organisational measures to protect your information, including:
- Encryption of data in transit (TLS/HTTPS) and at rest.
- Secure authentication with hashed passwords and optional OAuth.
- Role-based access controls within our infrastructure.
- Regular security reviews and dependency updates.
- Infrastructure hosted on AWS with industry-standard physical and network security.
No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
7. Data Retention
We retain your data as follows:
- Account data: for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where retention is required by law.
- Test run data (reports, screenshots, logs): retained according to your subscription plan’s retention policy, or until you manually delete them.
- Billing records: retained for the period required by applicable tax and accounting laws (typically 6–7 years).
- Server logs: retained for up to 90 days for security and debugging purposes.
8. Cookies & Tracking Technologies
We use cookies and similar technologies to operate and improve our service. For full details—including the specific cookies we use, their purpose, and how to manage your preferences—please see our Cookie Policy.
In summary, we use:
- Essential cookies: required for authentication, security, and core functionality.
- Functional cookies: to remember your preferences and settings.
- Analytics cookies: to understand how our service is used (only with your consent where required).
9. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access: request a copy of the personal data we hold about you.
- Rectification: request correction of inaccurate or incomplete data.
- Erasure: request deletion of your personal data (“right to be forgotten”).
- Portability: request your data in a structured, machine-readable format.
- Restriction: request that we limit processing of your data in certain circumstances.
- Objection: object to processing based on legitimate interests or for direct marketing.
- Withdraw consent: where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, please contact us at contact@persona.qa. We will respond within 30 days (or sooner where required by law).
10. International Data Transfers
Our servers and service providers are located in various countries, including the United States. If you access our service from outside these countries, your information may be transferred to, stored, and processed in jurisdictions that may not offer the same level of data protection as your home country.
Where required, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission, or equivalent mechanisms, to ensure adequate protection of your data.
11. Children’s Privacy
PersonaQA is a business-to-business service and is not directed at individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected such data, we will take steps to delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the “Last updated” date at the top of this page.
- Notify you by email or via an in-app notification where the change is significant.
Your continued use of the service after the effective date of any changes constitutes acceptance of the updated policy.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- contact@persona.qa
- Contact page