Privacy Policy

Privacy Policy

Effective Date: [MONTH DAY, YEAR]
Last Updated: [MONTH DAY, YEAR]

TestSavantAI and its affiliates identified in this Policy, if any, (“TestSavantAI,” “we,” “us,” or “our”) respect your privacy. This Privacy Policy explains how we collect, use, disclose, and otherwise process personal data in connection with our website located at www.TestSavant.AI, our software platform, APIs, SDKs, evaluation and testing tools, red-teaming tools, browser tools, guardrail and policy enforcement tools, telemetry, reporting, and related services, together with any demos, trials, support, events, and business communications that link to or reference this Policy (collectively, the “Services”).

This Policy applies to:
website visitors;
prospective customers and business contacts;
customer administrators, authorized users, and trial users;
individuals who communicate with us for support, sales, security, or partnership purposes; and
individuals whose personal data is included in content submitted to the Services by or on behalf of our customers.

This Policy does not apply to third-party websites, applications, or services that are not controlled by TestSavantAI, even if they are linked to or integrated with the Services.

1. Roles and scope

For website operations, marketing, sales, account administration, billing, vendor management, security operations, and our general business operations, TestSavantAI generally acts as the data controller, or the business under applicable U.S. privacy law, for the personal data we process for those purposes.

For customer-submitted content processed through the Services on behalf of a customer, TestSavantAI generally acts as a processor, service provider, or similar role under applicable law, and the customer remains responsible for determining the purposes for which that data is collected and submitted to the Services. This typically includes data our customers upload, connect, generate, or otherwise submit for testing, evaluation, red-teaming, guardrails, telemetry, analysis, reporting, or workflow execution (“Customer Data”).

Where a customer uses the Services to process personal data relating to its own employees, users, customers, policyholders, claimants, patients, contractors, or other individuals, that customer is responsible for providing any required notices, obtaining any required consents, and ensuring it has an appropriate legal basis for the processing.

2. Personal data we collect

We collect personal data in the following categories, depending on how you interact with the Services.

A. Information you provide directly

We may collect:
name, business email address, phone number, company name, job title, and other business contact details;
account registration information, such as username, password, single sign-on identifiers, and profile details;
billing and transaction information, such as billing contact details, invoicing details, and payment-related metadata;
communications you send to us, including emails, support tickets, chat messages, meeting notes, webinar registrations, event registrations, survey responses, and feedback;
information submitted through forms on our website, such as demo requests, newsletter sign-ups, waitlists, partnership requests, and contact forms; and
any other information you choose to provide.

B. Customer Data and platform content

When customers use the Services, we may process data submitted to the platform, including:
prompts, instructions, system prompts, messages, model inputs, model outputs, tool inputs and outputs, traces, logs, transcripts, and workflow records;
uploaded or connected files, documents, datasets, knowledge base content, reference materials, screenshots, and attachments;
evaluation results, test cases, scoring outputs, red-team results, hallucination analyses, risk findings, guardrail events, policy decisions, audit artifacts, and reports;
identifiers, metadata, and contextual information associated with tests, runs, sessions, organizations, users, models, tools, integrations, and environments; and
other data a customer or its authorized users choose to submit, connect, generate, or export through the Services.

Because TestSavantAI is an assurance, testing, and guardrail platform, Customer Data may contain personal data, confidential business information, regulated records, prompts, model outputs, and system telemetry if a customer chooses to submit or connect that information.

C. Information collected automatically

We and our service providers may automatically collect:
IP address, approximate geolocation inferred from IP, browser type, operating system, device identifiers, language settings, and referring URLs;
log data, timestamps, session identifiers, authentication events, API usage records, clickstream data, and page interaction data;
diagnostic, performance, and crash data;
security and fraud-prevention data, including access logs, risk signals, and anomalous usage indicators; and
cookie, local storage, pixel, or similar technology data as described in the Cookies section below.

D. Information from third parties

We may receive personal data from:
identity and single sign-on providers;
resellers, referral partners, channel partners, or implementation partners;
event platforms and webinar providers;
public sources such as company websites and professional networking profiles;
data enrichment or lead generation providers used for B2B outreach, where permitted by law; and
customers or other users who invite, refer, or provision you to use the Services.

3. How we use personal data

We use personal data for the following purposes, as applicable:

to provide, operate, maintain, administer, and secure the Services;
to provision accounts, authenticate users, enforce permissions, and manage organizations and subscriptions;
to process transactions, invoices, payments, and contract administration;
to provide customer support, technical support, implementation support, onboarding, and training;
to run, analyze, score, compare, monitor, and report on evaluations, tests, red-team exercises, guardrail execution, agent and model behaviors, and related platform workflows;
to detect, prevent, investigate, and respond to abuse, fraud, security incidents, data loss, service misuse, or violations of our agreements;
to improve the reliability, security, usability, and performance of the Services;
to communicate with you about the Services, updates, changes, support matters, product announcements, events, newsletters, surveys, and other business communications;
to personalize website and product experiences where permitted by law;
to comply with legal obligations, enforce our agreements, protect our rights, and defend against legal claims; and
to evaluate or complete a financing, merger, acquisition, reorganization, sale of assets, or similar corporate transaction.

Legal bases

If and to the extent the GDPR, UK GDPR, or similar laws apply, we generally process personal data on one or more of the following grounds:
performance of a contract or steps taken at your request before entering into a contract;
our legitimate interests, such as operating and securing the Services, improving product quality, supporting customers, preventing misuse, and conducting ordinary B2B marketing;
compliance with legal obligations; and
your consent, where required by law.

4. Product improvement and AI or model training

We do not use Customer Data submitted to the Services to train general-purpose foundation models for other customers or third parties unless a customer has expressly opted in through a separate written agreement.

We may use Customer Data to provide the Services requested by the customer, including running tests, evaluations, red-team exercises, scoring, telemetry, guardrails, reports, audits, comparisons, reliability analysis, and related service operations.