QAID Privacy Policy
- Effective Date:
- May 8, 2026
- Last Updated:
- May 8, 2026
Plain-language summary
This summary is for orientation only. The full Privacy Policy below is the authoritative document. We provide both because privacy is too important to bury in legalese.
- Who we are: QAID is a website quality assurance testing platform headquartered in Ontario, Canada.
- What we collect, briefly: If you visit our website, we may collect very limited technical information (your IP address and basic browser metadata in our server logs). If you sign up for the QAID Free Trial, we collect your account info and the website data we crawl on your behalf. If you become a paying customer, you self-host QAID in your own environment and we only receive minimal license validation data.
- What we do not do: We do not sell your personal information. We do not use it to train AI models. We do not share it with advertisers. We collect what we need to provide the service, and that is all.
- Your rights: You can ask us what personal information we have about you, request corrections, ask us to delete it, and withdraw consent. Section 9 explains how.
- Questions: Email support@qaid.io. We respond within 30 days, usually faster.
If you disagree with anything in this policy: stop using our services and contact us. We will work with you to address your concerns or, where appropriate, delete your information from our systems.
1. Scope and Application§
This Privacy Policy describes how Doume Inc., a corporation incorporated under the laws of Canada with a registered office in Ontario, doing business as QAID (“QAID,” “we,” “us,” or “our”), collects, uses, discloses, and protects personal information in connection with:
- Our marketing website at qaid.io (the “Website”);
- The QAID Free Trial Service that we host (the “Free Trial Service”);
- The QAID Software when licensed for self-hosted use by customers (the “Software”);
- Customer support, sales communications, and other interactions with us.
This Privacy Policy applies to personal information that we collect directly. It does not apply to personal information that customers process within their own self-hosted Software environments — in those cases, the customer is the controller and their own privacy policy applies.
2. What “Personal Information” Means§
In this Privacy Policy, “personal information” means information about an identifiable individual. This includes information that, alone or in combination with other information, could reasonably be used to identify a person — such as a name, email address, IP address, or account identifier.
Aggregated, anonymized, or de-identified information that cannot reasonably be linked back to an individual is not personal information for the purposes of this Privacy Policy.
3. Information We Collect§
The information we collect depends on how you interact with us. The four interaction types below cover everything:
3.1 Marketing website visitors§
When you visit qaid.io, we automatically collect limited technical information needed to operate and secure the Website. This currently includes:
- IP address (recorded in server logs);
- User-Agent string (browser type, operating system);
- HTTP referrer (the page you came from, if applicable);
- Date and time of your visit;
- Pages requested.
If you submit a form on our Website — such as a contact form, demo request, or email signup — we collect the information you provide, which typically includes your name, email address, and any message you send.
Note on analytics and tracking: Our Website uses Plausible Analytics for aggregated traffic statistics. Plausible does not set cookies, does not collect personal information, and does not track visitors across websites or sessions. We do not use advertising trackers, session-replay tools, or any other behavioral tracking on our Website. If we add any such tools in the future, we will update this Privacy Policy and, where required, obtain consent through a cookie banner or similar mechanism before activation.
3.2 QAID Free Trial users§
When you sign up for the QAID Free Trial, we collect:
Account information
- Name of the individual creating the account;
- Business email address;
- Company name and your role within the company;
- Country and (if applicable) province or state;
- Account credentials (password is stored as a salted hash, never in plaintext).
Customer Data and Target Site information
- URLs of the websites you authorize us to crawl (“Target Sites”);
- Domain ownership verification records;
- Crawl results and scan output, which may include any content publicly accessible on the Target Sites you submit;
- Where the Target Sites you submit contain personal information of third parties (such as visible names, email addresses, or other identifying details on those websites), that personal information may be collected by the Service in the course of crawling. You are responsible for ensuring you have all necessary rights and authorizations for this collection.
Usage and technical data
- Application logs, including timestamps and actions performed within the Service;
- IP addresses from which you access the Service;
- Error and diagnostic information.
AI features and your API key
The Free Trial Service includes optional AI-powered features (such as scenario generation, bug detection, and failure diagnosis). To use them, you supply your own AI provider API key (currently Anthropic) in the Service. When you trigger an AI feature, the relevant data is sent directly from the Service to your AI provider under your account, and the response is returned to your trial workspace. QAID does not receive, store, or relay the data you send to the AI provider, and does not share an AI key with you. See Section 5.1 for more.
3.3 QAID paid self-hosted customers§
When you license the QAID Software for self-hosted deployment, our direct collection of personal information from you is significantly more limited because the Software runs in your own environment and we do not access the Customer Data it processes.
Account and billing information
- Name and contact information of the individual managing the subscription;
- Business email address and phone number;
- Company name and billing address;
- Payment information appropriate to the payment method specified in your Order. For invoice-paid subscriptions (typically annual), this is billing-contact details and any purchase-order or tax-identifier information you provide. For credit-card and other electronic payments, the transaction is processed by a third-party payment processor identified on the sub-processors page; QAID does not store full card numbers.
License validation data
The QAID Software periodically connects to our license validation servers to confirm that your subscription remains active. These communications transmit only:
- The license key identifier;
- The Software version in use;
- The IP address from which the validation request originates;
- A timestamp.
The Software does NOT transmit Customer Data, scan results, Target Site information, or any other usage telemetry to QAID during license validation. We use license validation data solely to enforce the terms of your subscription, prevent unauthorized use, and provide aggregate operational metrics.
Support session data
If you contact us for support, we collect the content of your support communications. If you participate in a video call with screen-sharing, our support personnel may incidentally observe data on your screen, which may include personal information from your environment. We do not record video sessions without your express consent and we do not retain copies of incidentally observed information beyond what is necessary to address the support inquiry.
3.4 Other interactions§
If you apply for a job at QAID, we collect application information including your name, contact details, resume, and any other materials you submit. If you correspond with us by email or other means, we collect the content of those communications. We process this information solely to respond to and manage those interactions.
4. How We Use Personal Information§
We use personal information for the following purposes:
| Purpose | What we do | Legal basis |
|---|---|---|
| Provide the service | Operate the Free Trial Service, deliver software updates, validate licenses, respond to support requests | Performance of contract; legitimate interest |
| Account administration | Create and manage accounts, authenticate users, communicate service-related notices | Performance of contract |
| Billing | Process payments, issue invoices, address billing questions | Performance of contract; legal obligation |
| Improve the product | Analyze usage patterns, fix bugs, develop new features (using aggregated or de-identified data wherever possible) | Legitimate interest |
| Security | Detect, prevent, and respond to fraud, abuse, and security incidents | Legitimate interest; legal obligation |
| Marketing | Send you product updates and offers about our products you’ve signed up for or expressed interest in (you can opt out at any time) | Consent; legitimate interest |
| Comply with law | Respond to legal requests, enforce our agreements, protect our rights | Legal obligation; legitimate interest |
We do not sell personal information, share it with advertisers, or use it to train artificial intelligence or machine learning models for any purpose other than improving QAID itself for our customers.
5. How We Share Personal Information§
We share personal information only in the limited circumstances described in this Section.
5.1 Service providers (sub-processors)
We use third-party service providers to operate our business. These providers process personal information on our behalf and only as instructed by us. They are bound by contract to maintain the confidentiality of personal information and use it only for the purposes we authorize.
Categories of service providers we currently use:
- Cloud infrastructure: hosting providers that run the marketing website, the Free Trial Service, and our internal systems (currently Amazon Web Services in the United States and Canada).
- Form submission delivery: a third-party form service that receives submissions from our marketing website (such as trial requests and sales inquiries) and forwards them to us.
The complete current list of specific service providers, including their names and locations, is available at qaid.io/legal/sub-processors. We update this list as our service providers change. Where we add new categories of service provider in the future (such as payment processing or customer support tooling), we will update both this Privacy Policy and the sub-processors list before activating them.
AI providers are not QAID’s sub-processors. QAID does not operate AI inference services. AI features in the Software and the Free Trial Service (such as scenario generation, bug detection, and failure diagnosis) call the AI provider you specify (currently Anthropic) using an API key that you provide. Data sent to that provider flows directly from your QAID instance to the provider under your account; QAID does not receive, store, or relay it. Your AI provider is your own sub-processor, and your relationship is governed by the agreement between you and that provider, not by this Privacy Policy.
5.2 Legal disclosures
We may disclose personal information if we believe in good faith that disclosure is required or permitted by law, including:
- To respond to lawful requests from law enforcement, courts, or government authorities;
- To comply with subpoenas, court orders, or other legal processes;
- To enforce our agreements, including investigating potential breaches;
- To protect the rights, property, or safety of QAID, our customers, or the public;
- In connection with any actual or threatened legal proceeding.
Where legally permitted, we will notify you before disclosing your personal information in response to a legal request.
5.3 Business transfers
If QAID is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or substantially all of its assets, personal information may be transferred to the surviving or acquiring entity, subject to confidentiality obligations and applicable law. We will notify affected individuals of any change in ownership or in the use of their personal information.
5.4 With your consent
We may share personal information for any other purpose with your consent.
6. International Data Transfers§
QAID operates from Canada. Our primary infrastructure is hosted on Amazon Web Services, with regions in Canada and the United States. Personal information you provide to us may be transferred to, processed in, and stored in countries other than your country of residence, including the United States and Canada.
Privacy laws in some of these countries may differ from those in your country and may not provide equivalent protection. Where we transfer personal information across borders, we rely on:
- Contractual protections with our service providers requiring them to handle personal information consistent with this Privacy Policy and applicable law;
- Standard contractual clauses or equivalent transfer mechanisms where required by applicable law;
- Your consent, where applicable.
If you are accessing our services from outside Canada, you consent to the transfer of your personal information to Canada and the United States as described in this Privacy Policy.
7. Data Retention§
We retain personal information only as long as necessary for the purposes described in this Privacy Policy, or as required by law. Specific retention periods include:
| Information type | Retention period |
|---|---|
| Marketing website server logs | 90 days, then deleted or anonymized |
| Free Trial account information | Duration of the trial plus 30 days after trial ends or termination |
| Free Trial Customer Data (crawl results) | Duration of the trial plus 30 days after trial ends or termination |
| Paid customer account and billing records | Duration of the subscription plus 7 years (Canadian tax and accounting requirements) |
| License validation logs | 12 months on a rolling basis, then aggregated |
| Support communications | 3 years from the date of the last interaction |
| Marketing email subscriber lists | Until you unsubscribe, plus 12 months for suppression list (to honor your unsubscribe) |
| Job applicant information | 12 months for unsuccessful applicants; duration of employment plus 7 years for hires |
| Acceptance records (clickwrap audit logs) | 7 years (matches Ontario contract limitation period) |
| Breach incident records | 24 months minimum (PIPEDA requirement); longer if needed for ongoing investigation |
We may retain personal information for longer than the periods listed above where retention is necessary to comply with legal obligations, resolve disputes, prevent fraud or abuse, or enforce our agreements.
8. How We Protect Personal Information§
We use administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, use, disclosure, alteration, and destruction. These include:
- Encryption of personal information in transit (TLS 1.2 or higher) and at rest;
- Access controls limiting personal information to authorized personnel with a need to know;
- Multi-factor authentication for administrative access to systems containing personal information;
- Logging and monitoring of access to systems containing personal information;
- Regular review and updating of security practices;
- Vendor due diligence for service providers that process personal information.
No method of transmission over the internet or electronic storage is completely secure. While we strive to protect personal information, we cannot guarantee absolute security. If we become aware of a breach of security safeguards involving personal information that creates a real risk of significant harm to affected individuals, we will notify those individuals and applicable regulators in accordance with applicable law.
9. Your Rights§
Depending on your location and the laws that apply to your personal information, you may have some or all of the following rights:
9.1 Rights under Canadian law (PIPEDA)
- Right to access: You can request access to the personal information we hold about you, including how we obtained it and how it has been used.
- Right to correction: You can request that we correct inaccurate or incomplete personal information.
- Right to withdraw consent: You can withdraw consent to our use of your personal information at any time, subject to legal and contractual restrictions and reasonable notice. Withdrawal of consent may affect our ability to provide services to you.
- Right to file a complaint: You can file a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca or 1-800-282-1376.
9.2 Rights under Quebec Law 25
If you are a resident of Quebec, you have additional rights under An Act respecting the protection of personal information in the private sector (Law 25), including:
- Right to be informed of automated decision-making that affects you;
- Right to data portability — to receive certain personal information in a structured, technological format;
- Right to de-indexing — to request that personal information be de-indexed in certain circumstances;
- Right to file a complaint with the Commission d’accès à l’information at cai.gouv.qc.ca or 1-888-528-7741.
9.3 Rights under European Union and United Kingdom law (GDPR)
If you are in the European Economic Area, the United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR) or UK GDPR, including:
- Right of access, rectification, and erasure;
- Right to restrict or object to processing;
- Right to data portability;
- Right to lodge a complaint with your local data protection authority.
9.4 Rights under California law (CCPA/CPRA)
If you are a resident of California, you have rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), including:
- Right to know what personal information we collect, use, disclose, and sell;
- Right to delete personal information;
- Right to correct inaccurate personal information;
- Right to opt out of “sale” or “sharing” of personal information (we do not sell or share personal information as those terms are defined under California law);
- Right to limit use of sensitive personal information;
- Right to non-discrimination for exercising privacy rights.
9.5 How to exercise your rights
To exercise any of the rights described above, contact us at support@qaid.io. We will:
- Acknowledge your request within 72 hours;
- Verify your identity before processing the request (we may request additional information for this purpose);
- Respond to your request within 30 days, or notify you if we need additional time (up to 60 days for complex requests);
- Inform you of our decision and, if we decline a request in whole or in part, the reasons and your options for challenging our decision.
There is no charge for exercising your rights. We will not discriminate against you for exercising any of your rights.
10. Children§
Our services are intended for use by businesses and are not directed at children under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected personal information from a child, please contact us at support@qaid.io and we will take steps to delete that information.
11. Cookies and Similar Technologies§
Cookies are small data files stored on your device when you visit a website. We use cookies for the following purposes only:
- Strictly necessary cookies: These are required for our Website and Free Trial Service to function. They include session cookies for authentication and security cookies for fraud prevention. These cannot be disabled.
We use Plausible Analytics for aggregated traffic statistics on our Website. Plausible is designed to be privacy-friendly:
- It does not set any cookies on your device;
- It does not collect personal information or persistent identifiers;
- It does not track visitors across websites or across sessions;
- It uses a rotating daily hash (derived from IP + user agent + a salt that changes every 24 hours) solely to count unique daily visitors. The hash is one-way and cannot be reversed to identify you.
Because Plausible does not store anything on your device and does not collect personal data, no cookie consent is legally required. If we add analytics, advertising, or session-replay tools that do require consent in the future, we will implement a cookie consent banner before activation.
You can configure most browsers to refuse cookies or to alert you when cookies are being sent. If you disable strictly necessary cookies, our services may not function properly.
12. Marketing Communications§
If you sign up for our newsletter, request a demo, or otherwise indicate interest in receiving marketing communications from us, we may send you product updates, announcements, and other marketing communications. You can opt out at any time by:
- Clicking the “unsubscribe” link in any marketing email we send;
- Emailing support@qaid.io with your request.
Even if you opt out of marketing communications, we may still send you transactional and service-related communications, such as billing notices, security alerts, and changes to this Privacy Policy.
13. Changes to This Privacy Policy§
We may update this Privacy Policy from time to time. When we make changes, we will:
- Update the “Last Updated” date at the top of this Privacy Policy;
- For material changes that affect how we use existing personal information, notify you by email (if we have your email) or by prominent notice on our Website at least 30 days before the change takes effect;
- Where required by applicable law, obtain your consent before applying the change to existing personal information.
Your continued use of our services after the effective date of an updated Privacy Policy constitutes your acceptance of the updated terms. If you do not agree to an updated Privacy Policy, you should stop using our services and contact us at support@qaid.io to discuss the deletion of your personal information.
Previous versions of this Privacy Policy are available upon request from support@qaid.io.
14. Contact Us§
If you have questions, concerns, or requests relating to this Privacy Policy or our handling of personal information, please contact us:
| Privacy contact | support@qaid.io |
| Mailing address | Doume Inc., Ontario, Canada |
| Person responsible | CEO/Founder |
| Office of the Privacy Commissioner of Canada | priv.gc.ca · 1-800-282-1376 |
| Commission d’accès à l’information (Quebec) | cai.gouv.qc.ca · 1-888-528-7741 |
We aim to acknowledge all privacy inquiries within 72 hours and resolve them within 30 days. For matters that cannot be resolved through direct contact, you have the right to file a complaint with the privacy regulator in your jurisdiction.
QAID by Doume Inc. · Privacy Policy · Version 1.0