Demox Labs, Inc. ("Ito," "we," "our," or "us") respects your privacy and is committed to protecting it through our compliance with this Privacy Policy ("Policy"). A core element of our mission is our commitment to protect your personal information and to be transparent about the data we collect about you, how it is used, and with whom it is shared.
‍
This Policy describes our practices for collecting, using, maintaining, protecting, and disclosing your information through https://ito.ai (our "Website"), our applications (our "Apps") and our products, services, technology platforms and related applications (collectively, the "Service(s)").
‍
Please read this Policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our terms, your choice is not to use our Services. By accessing or using our Services, you agree to this Privacy Policy. This Policy may change from time to time (see Changes to This Policy). Your continued access of our Services after we make changes is deemed to be acceptance of those changes, so please check the Last Modified date at the top of this Policy to ensure that you are viewing the most current version.

We collect only the minimum amount of information needed to provide you with our Services. For example, we collect basic contact information when you sign up for an account. We do not ask you for any information if you choose not to register for an account; however, you will not be able to use our Services without registering for an account. Other types of information we collect relate to how you use our Website or Apps, which helps us improve our Services.

Information You Provide to Us

• Personal Information: In the course of registering an account on our Services, we collect information that identifies you as a specific individual and can be used to contact or identify you ("Personal Information"). Examples of Personal Information we collect for these purposes include your name and email address.
  
• ‍Payment Information: We may process your payment information, such as credit card, billing address, and other financial information necessary to purchase or otherwise use our Services. Please note that we do not collect or store your Payment Information. Rather, your Payment Information is collected and stored by our payment processor, Stripe. By submitting your Payment Information, you consent to our providing your Payment Information to Stripe as reasonably necessary to support and process your transactions as well as your credit card issuer and banking institution. Stripe's privacy policy is available at https://stripe.com/privacy.
• ‍User Contributions: You may have the ability to interact with parts of our Website or with us through third-party platforms, such as the ability to post on third-party forums or to submit tickets on our Website. Your feedback or posts may be published or displayed publicly or transmitted to third parties (collectively, "User Contributions"). Your User Contributions are posted on and transmitted to others at your own risk. We cannot control the actions of other users of the Website or third-party platforms with whom you may choose to share your User Contributions. Therefore, we cannot and do not guarantee that your User Contributions will not be viewed or accessed by unauthorized persons.

Information Collected Automatically

As you navigate through and interact with our Website, we and our third-party service providers, including analytics and third-party content providers, may automatically collect certain information from you whenever you access or interact with the Service.

• Usage Information: Details of your visits to our Website, including which links you clicked on, content response times, location data, logs, and other similar communication data and statistics about your interactions.
  
• Device Information: Information about your computer and internet connection, including your Internet Protocol address, operating system, and browser type.
• Non-Identifying Information: We may collect non-identifying or non-personal information when you use our Website, such as zip codes, demographic data, time zone, publicly available data, and general information regarding your use of the Service.

We may combine this automatically collected log information with other information we collect about you. We do this to improve services we offer you, analytics, and site functionality.

Cookies and Other Automatic Data Collection Technologies

Ito and its partners use cookies or similar technologies, which store certain information on your computer and allow us to, among other things, analyze trends, administer the Website, and gather demographic information about our user base as a whole. The technology used to collect information automatically from Ito users may include the following:

• Cookies: Like many websites, we and our operational partners, affiliates, analytics, and service providers use "cookies" to collect information. A cookie is a small data file that we transfer to your computer's hard disk for record-keeping purposes. We use both persistent cookies that remain on your computer or similar device (such as to save your registration ID and login password for future logins to the Service) and session ID cookies, which expire at the end of your browser session. You can control the use of cookies at the individual browser level, but if you choose to disable cookies, it may limit your use of certain features or functionality of the Service.
  
• Web Beacons: We and our operational partners, affiliates, analytics, and service providers may also employ software technology known as "web beacons" and/or "tracking tags" to help us keep track of what content on our Service is effective and to serve relevant advertising to you. Web beacons are small graphics with a unique identifier that may be invisible to you and are used to track the online activity of Internet users.
• Embedded Scripts: We and our operational partners, affiliates, analytics, and service providers may also employ software technology known as an Embedded Script. An Embedded Script is programming code that is designed to collect information about your interactions with the Service, such as the links you click on. The code is temporarily downloaded onto your computer or other device and is deactivated or deleted when you disconnect from the Service.

Analytics Services

We use Google Analytics and Amplitude to help us understand how users interact with our Services. These services collect information about your use of our Website and Services, including your IP address, browser type, pages visited, and time spent on pages. For more information about how Google collects and processes data, please visit https://policies.google.com/privacy. For information about Amplitude's privacy practices, please visit https://amplitude.com/privacy.

Information Received from Third Parties

We may receive information about you from third parties. For example, we and our partners, affiliates, and service providers may use a variety of other technologies (such as tags) that collect statistical data relating to your Website activity for security and fraud detection purposes.
‍
You may choose to elect that certain third parties share information with us, for example, when you choose to access the Services through another service, such as through Single Sign-on (e.g., GitHub).
‍
GitHub Details: We collect data necessary to enable your Ito account to interface with your GitHub account, such as your GitHub token, your user organization, your GitHub username, and your user role. We integrate with GitHub's API and Open Authentication (OAuth) system. We do not have access to your GitHub credentials. GitHub's privacy policy is available at https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement.

Ito accesses your code repositories to provide automated QA testing services. This section describes how we handle your code and related data.

Code Access and Processing

Ito accesses your code repositories to provide automated QA testing services. This section describes how we handle your code and related data.

Data Sent to LLM Providers

To generate test cases and analyze code changes, we send pull request diffs and contextual information to our large language model (LLM) providers, which may include OpenAI and Anthropic. We send only PR diffs and context, not your complete codebase. Neither Ito nor our LLM providers use your code to train machine learning models. OpenAI's privacy policy is available at https://openai.com/privacy. Anthropic's privacy policy is available at https://www.anthropic.com/privacy.

Test Artifacts

Ito generates test artifacts including screenshots, video recordings, and logs during test execution. These artifacts are stored in Amazon Web Services (AWS) S3 for up to one (1) year from the date of creation to allow you to review test results and debug issues. You may request deletion of test artifacts at any time by contacting support@ito.ai.

Development Environments

Ito provisions isolated development container environments on our AWS infrastructure to execute tests. These environments are transient and are terminated immediately after test execution completes. No code or environment data persists after the test run ends.

Aggregated and Anonymized Data

By using the Services, you agree that Ito may collect and use aggregated and anonymized data derived from your use of the Services to improve our test runner agent and overall service quality. This aggregated data may include:

• Test pass/fail patterns and statistics
  
• UI interaction sequences and navigation patterns
• Test execution timing and performance data
• Error and failure classification data

This data is processed to remove any information that could identify you, your organization, or your specific codebase. The aggregated data is used solely to improve the accuracy and effectiveness of our automated testing capabilities.

Open Source Code

Ito may use publicly available open-source project code to train and improve our systems. The data handling practices described in this section regarding proprietary code do not apply to open-source projects that are publicly available.

Do Not Track (DNT) is a privacy preference that users can set in some web browsers, allowing users to opt out of tracking by websites and online services. We do not currently respond to DNT signals. However, we do not track users across third-party websites to provide targeted advertising.

The Services are general audience and intended for users 13 and older. We do not knowingly collect Personal Information from anyone younger than age 13. If we learn that we have collected Personal Information from a child under 13, we will delete that information as quickly as possible. If you believe that we might have any information from a child under 13, please contact us at support@ito.ai.

We may use information that we collect about you or that you provide to us, including any Personal Information:

• To provide you with an Account.
  
• To provision development environments, execute automated tests, and provide QA feedback on your pull requests.
• To deliver, provide, and process payment for the Services.
• To improve our Services, including improving our test runner agent using aggregated and anonymized data.
• To address your inquiries and provide customer support.
• To tailor content we display to you and offers we may present to you, both on the Service and elsewhere online.
• To communicate with you, and to promote products, services, offers, and events offered by Ito.
• To comply with legal requirements and assist law enforcement.
• To stop any activity we may consider to be, or to pose a risk of being, illegal, fraudulent, unethical, or legally actionable.
• To identify Ito users.
• For the purposes disclosed at the time you provide your information.
• As otherwise permitted with your consent.

To process your information as described above, we rely on the following legal bases:
‍
Contractual Necessity: To provide you with the Ito Service and perform the contract that you have with us.
‍
Legitimate Interests: It is in our legitimate interests to improve and analyze our Service, promote our products, prevent fraudulent transactions, maintain security of our Services, and provide functionality.
‍
Consent: In instances where we have indicated we will ask for consent within this Privacy Policy, you may withdraw your consent at any time by contacting us at support@ito.ai.

We do not sell personal information to third parties. We share information we receive about you as follows:

With Our Service Providers

We employ third-party companies to provide Services on our behalf, to perform Service-related operations (e.g., maintenance services, database management, web analytics, server hosting, fraud detection, and improvement of Ito's features) or to assist us in providing and analyzing how our Service is used. These third parties may have access to your Personal Information in order to perform these tasks on our behalf.

• Stripe for payment processing. Stripe's privacy policy: https://stripe.com/privacy
  
• Amazon Web Services (AWS) for cloud infrastructure and storage. AWS privacy policy: https://aws.amazon.com/privacy/
• Google Analytics for website analytics. Google's privacy policy: https://policies.google.com/privacy
• Amplitude for product analytics. Amplitude's privacy policy: https://amplitude.com/privacy

For Our Service Integrations

We integrate with the following services to provide you with the best possible functionality:

• GitHub for repository access and pull request integration. GitHub's privacy policy: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement
  
• OpenAI for AI-powered test generation. OpenAI's privacy policy: https://openai.com/privacy
• Anthropic for AI-powered test generation. Anthropic's privacy policy: https://www.anthropic.com/privacy

Neither Ito nor OpenAI or Anthropic uses personal information collected as part of the automated testing service to train, refine, or otherwise influence our models or any third-party models. Our commitment is to use the data solely for the purpose of providing the testing service in accordance with the user's request.

For Corporate Transactions

Ito may share information, including Personal Information, with any current or future subsidiaries or affiliates, primarily for business and operational purposes, in connection with a merger, acquisition, reorganization, or sale of assets (including, in each case, as part of the due-diligence process with any potential acquiring entity) or in the event of bankruptcy.

If Required By Law

Ito will disclose information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (including but not limited to subpoenas), or, at the request of governmental authorities or other third parties conducting an investigation where we determine in our sole discretion the disclosure is necessary to (a) protect the property and rights of Ito or a third party, (b) protect the safety of the public or any person, or (c) prevent or stop activity we may consider to be, or pose a risk of being, illegal, fraudulent, unethical, or legally actionable activity.

With Your Consent

You may submit Personal Information to us through a form on the Website and consent to receive communication from us or our business affiliates based on the information in the form.

Our Services may contain links and/or features to other websites and/or online platforms operated by third parties. We do not control such other online platforms and are not responsible for their content, their privacy policies, or their use of your information.

You have several ways to exercise control over your information:

Account Settings: You may contact us to access, update, or delete your personal information by accessing your Account settings in our App.

‍Contact Us: You may contact us to access, update, or delete your personal information by contacting us at support@ito.ai.

‍Email: You may opt out of receiving marketing emails from us by following the opt-out instructions provided in those emails. Please note that we reserve the right to send you certain communications relating to your account or use of the Service (for example, administrative and service announcements) via email and other means, and these transactional account messages may be unaffected if you opt out from receiving marketing communications.

‍Test Artifacts: You may request deletion of test artifacts (screenshots, videos, logs) at any time by contacting support@ito.ai.

California Residents

If you are a California resident, the California Consumer Privacy Act (CCPA) may provide you with additional privacy rights with respect to our collection, use, and disclosure of your Personal Information. To the extent that Ito is a covered business under the CCPA, you may contact us for more information regarding the following rights:

• The right to know what Personal Information we have collected and how we have used and disclosed that Personal Information in the 12-month period preceding your request.
  
• The right to request deletion of your Personal Information.
• The right to be free from discrimination related to the exercise of any of your privacy rights.
• The right to opt out of the sale of your personal information. Ito does not sell personal information, nor do we share personal information with third parties for marketing purposes.

For more information on how to exercise your rights, please contact us at support@ito.ai. Please note that we may require you to verify your credentials by matching your email address or other account information to the information in our systems before you can submit a request to exercise any of these rights.

Our servers are located in the United States, and your personal information passes through servers located in this geographic area. If you are accessing the Services from another country, please be advised that you may be transferring your personal information to such geographic areas and countries and you consent to that transfer, processing, and storage of your personal information in accordance with this Privacy Policy. You also agree to abide by the applicable US federal, state, and local laws concerning your use of the Services and your agreements with us.

We use physical, technical, and organizational measures designed to protect your information against unauthorized access, theft, and loss. We restrict access to your personal information to those employees who need to know that information to service your account or perform their job functions. Although we take precautions intended to help protect information that we process, no system or electronic data transmission is completely secure. Any transmission of your personal data is at your own risk, and we expect that you will use appropriate security measures to protect your personal information. You are responsible for maintaining the security of your account and the information in your account. We may suspend your use of all or part of the Services without notice if we suspect or detect any breach of security. You understand and agree that we may deliver electronic notifications about breaches of security to the email address on record on your account.

Unless you request that we delete certain information (see Your Rights and Choices Regarding Your Information), we will retain your personal information for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law. The criteria used to determine our retention periods include:

• The length of time we have an ongoing relationship with you and provide services to you (for example, for as long as you have an account with us or keep using the Website);
  
• Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them);
• Whether retention is advisable considering our legal position (such as for statutes of limitations, litigation, or regulatory investigations).

Test Artifacts: Screenshots, video recordings, and logs generated by test runs are retained for up to one (1) year from the date of creation, after which they are automatically deleted unless you request earlier deletion.

‍Code Data: Source code is not retained after test execution. Code is pulled fresh for each test run and discarded upon completion.

Ito may update this Privacy Policy at any time and any changes will be effective upon posting. In the event that there are material changes to the way we treat your Personal Information, we will update the Last Modified date at the top of this Policy upon becoming effective. We may also notify you by email, in our discretion.

If you have any questions about this Privacy Policy or our privacy practices, please contact us at:
‍
Demox Labs, Inc.
1547 Palos Verdes Mall, #124
Walnut Creek, CA 94597
Email: support@ito.ai