Privacy Policy

Primates, Inc. ("Primates," "Company," "we," "us," "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy ("Policy") explains how we collect, use, disclose, retain, and safeguard information when you visit our website at primates.dev, use our AI-powered software testing platform, interact with our mobile applications, or engage with us through any other means (collectively, the "Services"). It also describes your choices regarding the collection, use, and disclosure of your information.

This Policy applies to all visitors, users, and others who access or use our Services. By accessing or using the Services, you acknowledge that you have read and understood this Policy. If you do not agree with any part of this Policy, you should not access or use the Services.

We may update this Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by posting the updated Policy on our website with a revised "Last updated" date, and, where required by law, we will obtain your consent before implementing the changes. We encourage you to review this Policy periodically to stay informed about how we protect your information.

1. Information We Collect

We collect information about you in several ways, depending on how you interact with our Services. The categories of information we collect include:

1.1 Information You Provide Directly

Account Registration Information. When you create an account on our platform, we collect your full name, email address, company name, job title, and the password you choose. If you sign up using a third-party authentication provider (such as Google, GitHub, or Microsoft), we receive your name, email address, and profile picture from that provider in accordance with its privacy practices.

Billing Information. When you subscribe to a paid plan, we collect billing details including your credit card number, expiration date, billing address, and other payment-related information. We do not store full credit card numbers on our servers; instead, payment information is processed and securely stored by our third-party payment processor, Stripe, Inc., in accordance with the Payment Card Industry Data Security Standard (PCI-DSS).

Communications. When you contact us through email, our support portal, live chat, contact forms, or phone, we collect the content of your communications, including your name, email address, phone number, and any attachments or other information you provide. We may also record phone calls and video meetings for quality assurance and training purposes, with prior notice.

Survey and Feedback Information. If you participate in surveys, beta programs, user research sessions, or provide feedback through our platform, we collect the responses and information you provide during those activities.

Job Application Information. If you apply for a position at Primates through our careers page or a third-party job board, we collect information included in your application, such as your resume, cover letter, employment history, education, professional references, and any other information you choose to provide.

1.2 Information Collected Automatically

Usage Data. When you access or use our Services, we automatically collect information about your interactions, including the pages and features you access, the actions you take within the platform, the time and duration of your visits, the test configurations you create and execute, and the frequency and patterns of your usage. This information helps us understand how our Services are used and enables us to improve them.

Device and Technical Information. We collect information about the devices and software you use to access our Services, including your IP address, browser type and version, operating system, device type and model, screen resolution, language preferences, time zone, and unique device identifiers. For our command-line interface tools, we collect the tool version, operating system, and shell environment.

Log Data. Our servers automatically record certain information in log files when you access or use our Services. Log data may include your IP address, the URL of the web page you visited before navigating to our Services, pages and features accessed, search queries, errors encountered, timestamps, and other diagnostic information.

Cookies and Similar Technologies. We use cookies, web beacons, pixel tags, local storage, and similar tracking technologies to collect information about your browsing activities and to distinguish you from other users of our Services. For more information about our use of cookies, please see Section 5 of this Policy.

1.3 Information from Third Parties

Integration Partners. When you connect third-party services to your Primates account (such as GitHub, GitLab, Bitbucket, Jira, Slack, or CI/CD platforms), we may receive information from those services in accordance with the permissions you grant and the privacy practices of those services. This information may include repository metadata, commit information, project names, team member details, and notification preferences.

Analytics Providers. We receive information from third-party analytics providers that help us understand how our Services are used and how to improve them. This information is typically aggregated and does not identify you personally.

Business Partners and Resellers. We may receive information about you from business partners, channel resellers, and referral sources who introduce you to our Services. This information typically includes your name, company name, email address, and general interest in our platform.

2. How We Use Information

We use the information we collect for the following purposes:

Providing and Operating the Services. We use your information to create and manage your account, authenticate your identity, process your transactions, deliver the features and functionality of our platform, execute test runs on your behalf, generate reports and analytics, and provide customer support. This is necessary for the performance of our contract with you.

Improving and Developing the Services. We analyze usage patterns, feedback, and error reports to understand how our Services are used, identify areas for improvement, develop new features and capabilities, optimize performance, and fix bugs. We may use aggregated and anonymized data for benchmarking, research, and to train and improve our AI and machine learning models. Our AI models are not trained on your source code or identifiable Customer Data.

Communication. We use your contact information to send you transactional communications (such as account confirmations, billing receipts, technical notices, security alerts, and support responses), product updates and feature announcements, educational content and best-practice guides, and marketing communications (where you have opted in or where permitted by law). You can opt out of marketing communications at any time by clicking the "unsubscribe" link in any marketing email or by updating your notification preferences in your account settings.

Security and Fraud Prevention. We use information about your account activity, device characteristics, and network information to detect, investigate, and prevent security incidents, fraudulent activity, unauthorized access, and other harmful or illegal activities. We may also use this information to enforce our Terms of Service and protect the rights, property, and safety of Primates, our users, and the public.

Legal Compliance. We use your information to comply with applicable laws, regulations, legal processes, and governmental requests, including tax and accounting obligations, subpoenas, court orders, and regulatory inquiries.

Personalization. We use information about your preferences, usage patterns, and role to personalize your experience on our platform, including customizing the features and content you see, recommending relevant documentation and tutorials, and tailoring onboarding flows based on your team's technical stack.

3. Data Sharing and Disclosure

We do not sell your personal information to third parties. We share your information only in the following circumstances:

Service Providers. We share information with third-party service providers who perform services on our behalf, including cloud hosting (Amazon Web Services), payment processing (Stripe), email delivery (SendGrid), customer support tools (Zendesk), analytics (Mixpanel, Google Analytics), error monitoring (Sentry), and marketing automation (HubSpot). These providers are contractually obligated to use your information only for the purposes of providing their services to us and to maintain appropriate security measures.

Integration Partners. When you connect third-party services to your Primates account, we share information with those services as necessary to enable the integration. The information shared depends on the specific integration and the permissions you grant. Each integration partner's use of your information is governed by its own privacy policy.

Within Your Organization. If you use the Services as part of an organization (such as your employer), we may share your usage information, account activity, and other data with the administrators and other authorized users within that organization, as determined by the organization's account settings and policies.

Legal Requirements. We may disclose your information if we believe in good faith that disclosure is necessary to: (a) comply with applicable law, regulation, legal process, or governmental request; (b) enforce our Terms of Service, including investigation of potential violations; (c) detect, prevent, or address fraud, security, or technical issues; or (d) protect the rights, property, or safety of Primates, our users, or the public as required or permitted by law.

Business Transfers. If Primates is involved in a merger, acquisition, reorganization, asset sale, financing, or bankruptcy proceeding, your information may be transferred to the acquiring entity or its advisors as part of the transaction. We will notify you of any such transfer and the choices you may have regarding your information.

With Your Consent. We may share your information with third parties when you have given us your explicit consent to do so.

4. Customer Data and Source Code

We understand that Customer Data, including source code that you submit to our platform for testing, is among your most valuable and sensitive assets. We have implemented specific safeguards to protect this data:

Processing in Ephemeral Environments. Source code submitted for test execution is processed in isolated, ephemeral computing environments. These environments are created on demand, used solely for the duration of the test run, and destroyed immediately upon completion. Your source code is not persisted on our infrastructure beyond the duration of active test execution.

Encryption. All Customer Data is encrypted at rest using AES-256 encryption and in transit using TLS 1.3. Encryption keys are managed using AWS Key Management Service (KMS) with regular key rotation.

Access Controls. Access to Customer Data is restricted to Primates employees who require access to perform their job functions, such as providing customer support or investigating technical issues. All access is logged, and we enforce the principle of least privilege across our organization.

No Training on Your Code. We do not use your source code, test configurations, or test results to train our AI or machine learning models. Our models are trained on publicly available datasets, synthetic data, and internally generated data. This commitment is fundamental to our relationship with our customers and is documented in our Data Processing Agreement.

5. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect information about your browsing activities and to provide a better user experience. The types of cookies we use include:

Strictly Necessary Cookies. These cookies are essential for the operation of our Services and cannot be disabled. They enable core functionality such as authentication, session management, security, and load balancing. Without these cookies, the Services cannot function properly.

Functional Cookies. These cookies enable us to remember your preferences and settings, such as your language, time zone, notification preferences, and dashboard layout. They enhance your experience but are not essential for the basic operation of the Services.

Analytics Cookies. We use analytics cookies from providers including Google Analytics and Mixpanel to collect information about how you use our Services, including which pages you visit, how long you spend on each page, and how you navigate between pages. This information helps us understand usage patterns and improve our Services. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

Marketing Cookies. We use marketing cookies to track visitors across websites and display ads that are relevant to you. These cookies are placed by third-party advertising platforms and are used to build a profile of your interests and show you relevant advertisements on other websites. You can manage your preferences for marketing cookies through our cookie consent banner or by adjusting your browser settings.

Most web browsers allow you to control cookies through their settings. You can typically set your browser to refuse all cookies, accept only first-party cookies, or alert you when a cookie is being placed. However, if you block or delete cookies, some features of our Services may not function properly.

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. The specific retention periods depend on the type of information and the purpose for which it was collected:

Account Information. We retain your account information for as long as your account is active. If you close your account, we will delete or anonymize your personal information within thirty (30) days, unless we are required by law to retain it for a longer period.

Billing and Transaction Records. We retain billing and transaction records for seven (7) years after the end of the fiscal year in which the transaction occurred, as required by tax and accounting regulations.

Customer Data. Customer Data, including test results and analytics, is retained for the period specified in your subscription plan (7 days for Free, 90 days for Pro, and as agreed for Enterprise). Upon expiration of the retention period, Customer Data is automatically deleted from our systems.

Communication Records. We retain records of communications with our support team for three (3) years after the last communication in the thread, unless a longer period is necessary for ongoing legal or compliance matters.

Usage Data and Log Files. Usage data and server log files are retained for twelve (12) months for analytics and troubleshooting purposes, after which they are aggregated and anonymized or deleted.

7. Your Rights and Choices

Depending on your location and applicable law, you may have certain rights regarding your personal information. These rights may include:

Right to Access. You have the right to request a copy of the personal information we hold about you. We will provide this information in a structured, commonly used, and machine-readable format.

Right to Rectification. You have the right to request that we correct any inaccurate or incomplete personal information we hold about you. You can also update most of your account information directly through the account settings page.

Right to Erasure (Right to Be Forgotten). You have the right to request that we delete your personal information, subject to certain exceptions. We may retain information where necessary to comply with legal obligations, resolve disputes, enforce our agreements, or where deletion is not technically feasible.

Right to Data Portability. You have the right to receive a copy of your personal information in a structured, commonly used, and machine-readable format, and to transmit that information to another data controller without hindrance from us.

Right to Object. You have the right to object to the processing of your personal information for direct marketing purposes. You also have the right to object to processing based on our legitimate interests, in which case we will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.

Right to Restrict Processing. You have the right to request that we restrict the processing of your personal information in certain circumstances, such as when you contest the accuracy of the data or when you have objected to processing based on our legitimate interests.

Right to Withdraw Consent. Where our processing of your personal information is based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

To exercise any of these rights, please contact us using the contact information provided at the end of this Policy. We will respond to your request within thirty (30) days, or within the timeframe required by applicable law. We may ask you to verify your identity before processing your request to ensure the security of your information.

California Residents. If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including the right to know what personal information we have collected about you, the right to delete your personal information, the right to opt out of the sale of personal information (we do not sell personal information), and the right to non-discrimination for exercising your privacy rights. To submit a CCPA/CPRA request, please contact us at privacy@primates.dev or call us at +1 (415) 555-0142.

8. Children's Privacy

Our Services are not directed to individuals under the age of 16, and we do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16 without parental consent, we will take steps to delete that information as soon as possible. If you believe that we may have collected personal information from a child under 16, please contact us immediately at privacy@primates.dev.

If you are a parent or guardian and believe that your child has provided personal information to us, you may contact us to request access to, correction of, or deletion of the information. We will verify the identity of the requesting parent or guardian before disclosing or deleting any information.

9. International Data Transfers

Primates is headquartered in the United States, and our primary data processing facilities are located in the United States (AWS us-east-1 and us-west-2 regions) and the European Union (AWS eu-west-1 region). If you are located outside the United States, your personal information may be transferred to and processed in the United States or other countries where our service providers operate.

When we transfer personal information from the European Economic Area (EEA), the United Kingdom, or Switzerland to countries that have not been deemed to provide an adequate level of data protection, we rely on appropriate safeguards to ensure that your personal information remains protected. These safeguards include:

Standard Contractual Clauses (SCCs). We use the European Commission's Standard Contractual Clauses (as updated in June 2021) to govern transfers of personal information from the EEA to countries outside the EEA that are not subject to an adequacy decision. We supplement these clauses with additional technical and organizational measures as necessary.

EU-U.S. Data Privacy Framework. Primates participates in and has certified its compliance with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework. We are committed to subjecting all personal information received from EU/EEA member states, the United Kingdom, and Switzerland in reliance on each framework to the applicable framework's principles.

Transfer Impact Assessments. We conduct transfer impact assessments for international data transfers to evaluate the level of protection afforded to personal information in the destination country and to implement supplementary measures where necessary to ensure an essentially equivalent level of protection.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will: (a) update the "Last updated" date at the top of this Policy; (b) post the revised Policy on our website; (c) provide a prominent notice on our platform, such as a banner or notification; and (d) where required by law, send you an email notification at the address associated with your account at least thirty (30) days before the changes take effect.

We encourage you to review this Policy periodically to stay informed about how we protect your information. Your continued use of the Services after any changes to this Policy constitutes your acceptance of the updated Policy.

If you disagree with any changes to this Policy, you may close your account by following the instructions in your account settings or by contacting our support team. Please note that certain information may be retained after account closure as described in Section 6 of this Policy.

11. Security

We take the security of your personal information seriously and implement administrative, technical, and physical measures designed to protect your information against unauthorized access, disclosure, alteration, destruction, or loss. Our security measures include:

Technical Safeguards. AES-256 encryption at rest; TLS 1.3 encryption in transit; network segmentation and firewall protections; intrusion detection and prevention systems; regular vulnerability scanning and annual penetration testing by independent security firms; multi-factor authentication for all employee access to production systems; automated secret rotation and certificate management.

Administrative Safeguards. SOC 2 Type II certification with annual audits; comprehensive information security policies and procedures; mandatory security awareness training for all employees; background checks for employees with access to sensitive systems; incident response plan with regular tabletop exercises; vendor security assessment program for third-party service providers.

Physical Safeguards. Our infrastructure is hosted in AWS data centers that maintain robust physical security controls, including 24/7 security personnel, multi-factor access controls, video surveillance, and environmental protections. We do not maintain our own physical data centers.

While we strive to protect your personal information, no method of transmission over the Internet or method of electronic storage is completely secure. We cannot guarantee the absolute security of your information. If you have reason to believe that your interactions with us are no longer secure, please contact us immediately at security@primates.dev.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

Primates, Inc.
Attention: Privacy Team
450 Mission Street, Suite 300
San Francisco, California 94105
United States

Email: privacy@primates.dev
Phone: +1 (415) 555-0142

For data protection inquiries from the European Economic Area, the United Kingdom, or Switzerland, you may also contact our Data Protection Officer at dpo@primates.dev.

If you are located in the EEA or the United Kingdom and are not satisfied with our response to your inquiry, you have the right to lodge a complaint with your local data protection supervisory authority. A list of EU data protection authorities is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en.