Demox Labs, Inc. (“Demox Labs,” “we,” “our,” or “us”) is the company that develops and operates Ito.ai. Demox Labs respects your privacy and is committed to protecting it through our compliance with this Privacy Policy (“Policy”). A core element of our mission is our commitment to protect your personal information and to be transparent about the data we collect about you, how it is used, and with whom it is shared. Throughout this Policy, references to “Ito.ai” refer to the product and Services; references to “Demox Labs” or “we” refer to Demox Labs, Inc. as the legal entity.

This Policy describes our practices for collecting, using, maintaining, protecting, and disclosing your information through https://ito.ai (our “Website”), our applications (our “Apps”) and our products, services, technology platforms and related applications (collectively, the “Service(s)”).

Please read this Policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our terms, your choice is not to use our Services. By accessing or using our Services, you agree to this Privacy Policy. This Policy may change from time to time (see Changes to This Policy). Your continued access of our Services after we make changes is deemed to be acceptance of those changes, so please check the Last Modified date at the top of this Policy to ensure that you are viewing the most current version.

We collect only the minimum amount of information needed to provide you with our Services. For example, we collect basic contact information when you sign up for an account. We do not ask you for any information if you choose not to register for an account; however, you will not be able to use our Services without registering for an account. Other types of information we collect relate to how you use our Website or Apps, which helps us improve our Services.

Information You Provide to Us

• Personal Information: In the course of registering an account on our Services, we collect information that identifies you as a specific individual and can be used to contact or identify you (“Personal Information”). Examples of Personal Information we collect for these purposes include your name and email address.
  
• Payment Information: We may process your payment information, such as credit card, billing address, and other financial information necessary to purchase or otherwise use our Services. Please note that we do not collect or store your Payment Information. Rather, your Payment Information is collected and stored by our payment processor, Stripe. By submitting your Payment Information, you consent to our providing your Payment Information to Stripe as reasonably necessary to support and process your transactions as well as your credit card issuer and banking institution. Stripe’s privacy policy is available at https://stripe.com/privacy.
• User Contributions: You may have the ability to interact with parts of our Website or with us through third-party platforms, such as the ability to post on third-party forums or to submit tickets on our Website. Your feedback or posts may be published or displayed publicly or transmitted to third parties (collectively, “User Contributions”). Your User Contributions are posted on and transmitted to others at your own risk. We cannot control the actions of other users of the Website or third-party platforms with whom you may choose to share your User Contributions.

Information Collected Automatically

As you navigate through and interact with our Website, we and our third-party service providers, including analytics and third-party content providers, may automatically collect certain information from you whenever you access or interact with the Service.

• Usage Information: Details of your visits to our Website, including which links you clicked on, content response times, location data, logs, and other similar communication data and statistics about your interactions.
  
• Device Information: Information about your computer and internet connection, including your Internet Protocol address, operating system, and browser type.
• Non-Identifying Information: We may collect non-identifying or non-personal information when you use our Website, such as zip codes, demographic data, time zone, publicly available data, and general information regarding your use of the Service.

We may combine this automatically collected log information with other information we collect about you. We do this to improve services we offer you, analytics, and site functionality.

Cookies and Other Automatic Data Collection Technologies

Demox Labs and its partners use cookies or similar technologies, which store certain information on your computer and allow us to, among other things, analyze trends, administer the Website, and gather demographic information about our user base as a whole. The technology used to collect information automatically from Ito.ai users may include the following:

• Cookies: Like many websites, we and our operational partners, affiliates, analytics, and service providers use “cookies” to collect information. A cookie is a small data file that we transfer to your computer’s hard disk for record-keeping purposes. We use both persistent cookies that remain on your computer or similar device (such as to save your registration ID and login password for future logins to the Service) and session ID cookies, which expire at the end of your browser session. You can control the use of cookies at the individual browser level, but if you choose to disable cookies, it may limit your use of certain features or functionality of the Service.
  
• Web Beacons: We and our operational partners, affiliates, analytics, and service providers may also employ software technology known as “web beacons” and/or “tracking tags” to help us keep track of what content on our Service is effective. Web beacons are small graphics with a unique identifier that may be invisible to you and are used to track the online activity of Internet users.
• Embedded Scripts: We and our operational partners, affiliates, analytics, and service providers may also employ software technology known as an Embedded Script. An Embedded Script is programming code that is designed to collect information about your interactions with the Service, such as the links you click on. The code is temporarily downloaded onto your computer or other device and is deactivated or deleted when you disconnect from the Service.

Analytics Services

We use Google Analytics and PostHog to help us understand how users interact with our Services. These services collect information about your use of our Website and Services, including your IP address, browser type, pages visited, and time spent on pages. For more information about how Google collects and processes data, please visit https://policies.google.com/privacy. For information about PostHog’s privacy practices, please visit https://posthog.com/privacy.

Information Received from Third Parties

We may receive information about you from third parties. For example, we and our partners, affiliates, and service providers may use a variety of other technologies (such as tags) that collect statistical data relating to your Website activity for security and fraud detection purposes.

You may choose to elect that certain third parties share information with us, for example, when you choose to access the Services through another service, such as through Single Sign-on (e.g., GitHub).

GitHub Details: We collect data necessary to enable your Ito.ai account to interface with your GitHub account, such as your GitHub token, your user organization, your GitHub username, and your user role. We integrate with GitHub’s API and Open Authentication (OAuth) system. We do not have access to your GitHub credentials. GitHub’s privacy policy is available at https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement.

Ito.ai accesses your code repositories to provide automated QA testing services. This section describes how Demox Labs handles your code and related data.

Code Access and Processing

When you connect a repository to Ito.ai, Demox Labs accesses your code solely to provision development environments and execute tests. We do not use your source code for any purpose beyond active test execution and do not intentionally retain copies of your source code beyond what is necessary for that purpose.

Data Sent to LLM Providers

To generate test cases and analyze code changes, Demox Labs sends pull request diffs and contextual information to our large language model (LLM) providers, which may include OpenAI and Anthropic. We send only PR diffs and context, not your complete codebase. Demox Labs does not use your raw proprietary code to train AI models.

Demox Labs cannot control or warrant the independent data handling practices of our LLM providers beyond the contractual commitments those providers make to Demox Labs. You should review the applicable terms and privacy policies of our LLM providers. OpenAI’s privacy policy is available at https://openai.com/privacy. Anthropic’s privacy policy is available at https://www.anthropic.com/privacy.

Test Artifacts

Ito.ai generates test artifacts including screenshots, video recordings, and logs during test execution. These artifacts are stored in Amazon Web Services (AWS) S3 to allow you to review test results and debug issues. You may submit a request for deletion of test artifacts at any time by contacting support@ito.ai. We will review each request and respond within a reasonable timeframe.

Development Environments

Ito.ai provisions isolated development container environments on Demox Labs’ AWS infrastructure to execute tests. These environments are transient and are terminated after test execution completes.

Aggregated and Anonymized Data

By using the Services, you agree that Demox Labs may collect and use aggregated, anonymized, and de-identified data derived from your use of the Services to train, evaluate, and improve our AI models and overall service quality. This aggregated data may include:

• Test pass/fail patterns and statistics
  
• UI interaction sequences and navigation patterns
• Test execution timing and performance data
• Error and failure classification data

This data is processed to remove any information that could identify you, your organization, or your specific codebase. Aggregated data will not contain code identifiable to you or your organization.

Open Source Code

Demox Labs may use publicly available open-source project code to train and improve our systems. The data handling practices described in this section regarding proprietary code do not apply to open-source projects that are publicly available.

Do Not Track (DNT) is a privacy preference that users can set in some web browsers, allowing users to opt out of tracking by websites and online services. We do not currently respond to DNT signals. However, we do not track users across third-party websites to provide targeted advertising.

The Services are general audience and intended for users 13 and older. Demox Labs does not knowingly collect Personal Information from anyone younger than age 13. If we learn that we have collected Personal Information from a child under 13, we will delete that information as quickly as possible. If you believe that we might have any information from a child under 13, please contact us at support@ito.ai.

Demox Labs may use information that we collect about you or that you provide to us, including any Personal Information:

• To provide you with an Account.
  
• To provision development environments, execute automated tests, and provide QA feedback on your pull requests.
• To deliver, provide, and process payment for the Services.
• To improve our Services, including improving the Ito.ai test runner agent and AI models using aggregated and anonymized data as described in Section 3.
• To address your inquiries and provide customer support.
• To tailor content we display to you and offers we may present to you, both on the Service and elsewhere online.
• To communicate with you, and to promote products, services, offers, and events offered by Demox Labs.
• To comply with legal requirements and assist law enforcement.
• To stop any activity we may consider to be, or to pose a risk of being, illegal, fraudulent, unethical, or legally actionable.
• To identify Ito.ai users.
• For the purposes disclosed at the time you provide your information.
• As otherwise permitted with your consent.

To process your information as described above, we rely on the following legal bases:

Contractual Necessity: To provide you with the Ito.ai Service and perform the contract that you have with us.

Legitimate Interests: It is in our legitimate interests to improve and analyze our Service, promote our products, prevent fraudulent transactions, maintain security of our Services, and provide functionality.

Consent: In instances where we have indicated we will ask for consent within this Privacy Policy, you may withdraw your consent at any time by contacting us at support@ito.ai.

Demox Labs does not sell personal information to third parties. We share information we receive about you as follows:

With Our Service Providers

We employ third-party companies to provide Services on our behalf, to perform Service-related operations (e.g., maintenance services, database management, web analytics, server hosting, fraud detection, and improvement of Ito.ai’s features) or to assist us in providing and analyzing how our Service is used. These third parties may have access to your Personal Information in order to perform these tasks on our behalf.

• Stripe for payment processing. Stripe’s privacy policy: https://stripe.com/privacy
  
• Amazon Web Services (AWS) for cloud infrastructure and storage. AWS privacy policy: https://aws.amazon.com/privacy/
• Google Analytics for website analytics. Google’s privacy policy: https://policies.google.com/privacy
• PostHog for product analytics. PostHog’s privacy policy: https://posthog.com/privacy

For Our Service Integrations

We integrate with the following services to provide you with the best possible functionality:

• GitHub for repository access and pull request integration. GitHub's privacy policy: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement
  
• OpenAI for AI-powered test generation. OpenAI's privacy policy: https://openai.com/privacy
• Anthropic for AI-powered test generation. Anthropic's privacy policy: https://www.anthropic.com/privacy

Demox Labs does not use your raw proprietary code to train AI models. However, Demox Labs may use aggregated, anonymized, and de-identified data derived from test results and usage patterns to improve our AI models and Services as described in Section 3. Demox Labs cannot control or warrant the independent data handling practices of OpenAI or Anthropic beyond the contractual commitments those providers make to Demox Labs. You should review the applicable privacy policies of those providers directly.

For Corporate Transactions

Demox Labs may share information, including Personal Information, with any current or future subsidiaries or affiliates, primarily for business and operational purposes, in connection with a merger, acquisition, reorganization, or sale of assets (including, in each case, as part of the due-diligence process with any potential acquiring entity) or in the event of bankruptcy.

If Required By Law

Demox Labs will disclose information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (including but not limited to subpoenas), or at the request of governmental authorities or other third parties conducting an investigation where we determine in our sole discretion the disclosure is necessary to (a) protect the property and rights of Demox Labs or a third party, (b) protect the safety of the public or any person, or (c) prevent or stop activity we may consider to be, or pose a risk of being, illegal, fraudulent, unethical, or legally actionable activity.

With Your Consent

You may submit Personal Information to us through a form on the Website and consent to receive communication from us or our business affiliates based on the information in the form.

Our Services may contain links and/or features to other websites and/or online platforms operated by third parties. We do not control such other online platforms and are not responsible for their content, their privacy policies, or their use of your information.

You have several ways to exercise control over your information:

Account Settings: You may submit requests regarding your personal information by accessing your Account settings in our App or contacting us at support@ito.ai. We will review each request and respond within a reasonable timeframe.

‍Contact Us: You may submit requests to access, update, or delete your personal information by contacting us at support@ito.ai. We will review each request and respond within a reasonable timeframe. Please note that certain data may be retained as required by law or as necessary to fulfill our contractual obligations to you.

‍Email: You may opt out of receiving marketing emails from us by following the opt-out instructions provided in those emails. Please note that we reserve the right to send you certain communications relating to your account or use of the Service (for example, administrative and service announcements) via email and other means, and these transactional account messages may be unaffected if you opt out from receiving marketing communications.

‍Test Artifacts: You may submit a request for deletion of test artifacts (screenshots, videos, logs) by contacting support@ito.ai. We will review each request and respond within a reasonable timeframe.

California Residents

If you are a California resident, the California Consumer Privacy Act (CCPA) may provide you with additional privacy rights with respect to our collection, use, and disclosure of your Personal Information. To the extent that Demox Labs is a covered business under the CCPA, you may contact us at support@ito.ai for more information regarding the following rights:

• The right to know what Personal Information we have collected and how we have used and disclosed that Personal Information in the 12-month period preceding your request.
  
• The right to request deletion of your Personal Information.
• The right to be free from discrimination related to the exercise of any of your privacy rights.
• The right to opt out of the sale of your personal information. Demox Labs does not sell personal information, nor do we share personal information with third parties for marketing purposes.

To submit a request under the CCPA, please contact us at support@ito.ai. We will review your request and respond within a reasonable timeframe. We may require you to verify your identity by matching your email address or other account information to the information in our systems before processing your request. Please note that certain data may be retained as permitted or required by law.

Our servers are located in the United States, and your personal information passes through servers located in this geographic area. If you are accessing the Services from another country, please be advised that you may be transferring your personal information to such geographic areas and countries and you consent to that transfer, processing, and storage of your personal information in accordance with this Privacy Policy. You also agree to abide by the applicable US federal, state, and local laws concerning your use of the Services and your agreements with us.

We use technical and organizational measures designed to protect your information against unauthorized access, theft, and loss. Although we take precautions intended to help protect information that we process, no system or electronic data transmission is completely secure. Any transmission of your personal data is at your own risk, and we expect that you will use appropriate security measures to protect your personal information. You are responsible for maintaining the security of your account and the information in your account. We may suspend your use of all or part of the Services without notice if we suspect or detect any breach of security.

Unless you submit a request that we address certain information (see Your Rights and Choices Regarding Your Information), Demox Labs will retain your personal information for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law. The criteria used to determine our retention periods include:

• The length of time we have an ongoing relationship with you and provide services to you (for example, for as long as you have an account with us or keep using the Website);
  
• Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them);
• Whether retention is advisable considering our legal position (such as for statutes of limitations, litigation, or regulatory investigations).

Test Artifacts: Screenshots, video recordings, and logs generated by test runs are retained to support your ability to review results and debug issues. You may submit a deletion request at any time by contacting support@ito.ai.

‍Code Data: We do not use your source code for purposes beyond active test execution and do not intentionally retain copies of your source code beyond what is necessary for that purpose.

Free Trial Data: If you register for a Free Trial and do not convert to a paid subscription, your account and associated personal information will be retained for the period necessary to fulfill our legal obligations and resolve any outstanding matters, after which we will address deletion requests submitted to support@ito.ai.

Demox Labs may update this Privacy Policy at any time and any changes will be effective upon posting. In the event that there are material changes to the way we treat your Personal Information, we will update the Last Modified date at the top of this Policy upon becoming effective. We may also notify you by email, in our discretion.

If you have any questions about this Privacy Policy or our privacy practices, please contact us at:
‍
Demox Labs, Inc.
1547 Palos Verdes Mall, #124
Walnut Creek, CA 94597
Email: support@ito.ai