Privacy Policy

Operio AI Inc. ("Operio", "we", "us", or "our") takes your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and protect information when you use our agentic QA platform and related services (the "Service").

Please read this policy carefully. If you do not agree with its terms, please do not access the Service.

This Privacy Policy applies to:

• Businesses and individuals ("Customers") who create accounts and use the Operio platform.
• End users whose data may be incidentally processed as part of test cases or user flows submitted by Customers.

Note: The Service is available to both individuals and organizations. Individual users and business customers are responsible for ensuring their use of the Service complies with applicable privacy laws with respect to their own end users.

3.1 Information You Provide Directly

• Account information: name, email address, company name, job title.
• Profile information and preferences.
• Customer Data: test cases, user flows, plain-English test descriptions, and configurations you create or upload.
• Communications with our support team.
• Payment and billing information (processed by our payment providers).

3.2 Information Collected Automatically

• Usage data: features used, pages viewed, test execution history.
• Device and browser information.
• IP address and approximate location data.
• Cookies and similar tracking technologies (see Section 9).

We use the information we collect to:

• Provide, operate, maintain, and improve the Service.
• Process transactions and manage your account.
• Send technical notices, updates, security alerts, and support messages.
• Respond to your comments, questions, and requests.
• Monitor and analyze usage trends and Service performance.
• Detect, prevent, and address security threats and technical issues.
• Send promotional communications where permitted; you may opt out at any time by clicking "unsubscribe" in our emails or contacting us directly.
• Comply with legal obligations.

Operio's platform uses artificial intelligence and machine learning to generate, execute, and auto-heal test cases. With respect to Customer Data:

• Your test cases, user flows, and related data are processed solely to provide and operate the Service for your account.
• Operio does not use your Customer Data to train shared AI models that benefit other customers without your explicit consent.
• Operio implements appropriate access controls to ensure your Customer Data is not accessible to other customers.

Recommendation: Avoid submitting real personal data (e.g., real user credentials, PII) in test cases, Quick Tests, or any other input fields within the Service. Use synthetic or anonymized data wherever possible.

Credentials & Environments

Credentials stored in Environments are protected using appropriate security measures. Access to stored credentials is limited to authenticated users within your account. Operio staff do not access stored credentials except where reasonably necessary for security, support, or legal compliance purposes.

We do not sell your personal information. We may share your information only in the following limited circumstances:

• With trusted service providers and subprocessors who perform services on our behalf (e.g., hosting, payment processing, analytics). Information about subprocessors is available upon request.
• To comply with applicable laws, regulations, or valid legal requests.
• To protect the rights, property, and safety of Operio, our customers, or others.
• In connection with a merger, acquisition, or sale of assets — in which case we will notify affected users.
• With your explicit consent or at your direction.

Contractual Protections with Subprocessors

Prior to transferring personal data to any third party, we enter into a written contract requiring them to provide at least the same level of privacy protection as described in this policy. We require subprocessors to notify us if they can no longer meet this obligation, and we take reasonable steps to stop and remediate any unauthorized processing.

Legal Requests

We may disclose information when required to comply with applicable laws, regulations, court orders, legal processes, or lawful governmental requests.

We implement appropriate technical and organizational measures to protect your information, including:

• Appropriate encryption measures for data in transit and at rest.
• Regular security assessments and monitoring.
• Access controls and authentication mechanisms.
• Employee training on data protection and security practices.

However, no security system is impenetrable, and no method of data transmission can be guaranteed to be 100% secure. We encourage you to use strong passwords and keep your credentials confidential.

We retain your information for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements.

Retention Period: Upon account termination, we will delete or anonymize your Customer Data within 90 days, unless a longer retention period is required by law or agreed upon in a separate Data Processing Agreement.

We use cookies and similar tracking technologies to operate and improve the Service:

• Strictly necessary: required for the Service to function (e.g., authentication sessions).
• Analytics: help us understand how users interact with the Service (e.g., page views, feature usage).
• Preference: remember your settings and preferences.

You can instruct your browser to refuse all cookies or notify you when a cookie is being set. Note that disabling certain cookies may affect Service functionality.

Depending on your location, you may have the following rights regarding your personal information:

• Access: request a copy of the personal data we hold about you.
• Correction: request that we correct inaccurate or incomplete data.
• Deletion: request deletion of your personal data, subject to legal retention requirements.
• Portability: request your data in a structured, machine-readable format.
• Restriction: request that we restrict processing of your data in certain circumstances.
• Objection: object to processing based on legitimate interests.
• Withdraw consent: where processing is based on consent, withdraw it at any time.

To exercise any of these rights, contact us at support@operio.run. We will respond within 30 days of receiving your request.

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, the following additional provisions apply:

11.1 Legal Basis for Processing

• Contract performance: processing necessary to provide the Service under our agreement with you.
• Legitimate interests: improving the Service, security, and fraud prevention.
• Legal obligation: compliance with applicable laws.
• Consent: where we have obtained your explicit consent.

11.2 International Data Transfers

Your information may be transferred to and processed in the United States and other countries outside the EEA. Where such transfers occur, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission.

11.3 Data Processing Agreement

If you are a Customer subject to GDPR, you may request a Data Processing Agreement (DPA) by contacting us at support@operio.run.

11.4 Supervisory Authority

If you have concerns about how we handle your personal data, we encourage you to contact us first at support@operio.run. You also have the right to contact your local data protection authority.

Your information may be processed and stored in the United States and other countries where Operio or its service providers operate. Operio implements appropriate safeguards to protect personal information during international transfers in accordance with applicable laws.

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at support@operio.run and we will delete it promptly.

We may update this Privacy Policy from time to time. Updated versions will be posted on this page with a revised last updated date. Continued use of the Service after such updates become effective constitutes acceptance of the revised Privacy Policy.

For questions regarding this Privacy Policy, please contact: