PRIVACY POLICY

Updated and effective: August 26, 2025

---

Kaimo (“Kaimo”, "we", "us", "our") is committed to protecting your privacy and personal information. This Privacy Policy outlines our commitment to safeguarding the privacy and security of your information processed through our software applications, website and other services and features (collectively, "Services"). Please read this Privacy Policy carefully.

Our Services are designed to generate and execute web testing based on customers’ prompts, enhancing the efficiency and effectiveness of web development processes. Our practices are designed to protect your data while ensuring Services are effective and compliant with applicable data privacy laws.  By using our Services, you agree to the collection and use of information in accordance with this policy and be subject to our Terms of Use.

TABLE OF CONTENTS

1. Our Commitment
2. Sources of Personal Information
3. Information We Collect
4. How We Use Your Information
5. How We Share Information
6. Data Retention and Security
7. Your Rights and Choices
8. Nondiscrimination
9. No Children
10. Changes to this Policy
11. Contact

1. Our Commitment

At Kaimo, securing your privacy and security is critical to our mission. We prioritize data privacy and security with utmost seriousness.

2. Sources of Personal Information

There are three primary sources of personal information that we collect to provide you with our Services:

1. You: We collect the information you provide to us when you use our Services, including when you sign up for Kaimo, or contact us for support. We collect account and payment information you provide to us should you purchase our Services. We also collect information about how you browse through our apps and sites.
2. Your device(s): We collect information from and about the devices you use, including computers, phones, and other web-connected devices you use to access our apps or Services, and we combine this information across different devices you use.
3. Third parties: In our effort to enhance user experience, conduct market research, or improve our Services, we may receive your personal information from our analytics providers, cookie providers, email providers, service providers, and/or subprocessors. For more information on cookies, please read our Cookie Policy. Please also note that we may use advanced authentication tools such as Single Sign-On (SSO) and OAuth technologies to streamline our customers’ access to our Services. If you opt in to use these authentication tools and consent to the sharing of certain personal data with us, such as name, username, email address, language preference, or profile picture, we may collect such information for the purpose of authenticating your identity to facilitate a convenient sign-in process,to ensure the integrity of your account, to send service-related emails or messages, and to operate, maintain, and provide features and functionality of our Services. If you prefer not to share your personal data through such authentication service provider(s), you have the right to withdraw your consent at any time. You hereby acknowledge that once you opt out, your access to certain convenient features of our Services may be affected.  

We may also combine the personal information we have about you with information that we may obtain from other sources, including publicly available sources such as search engines, social media platforms and from databases operated by other third parties such as vendors or business partners. In particular, we may use third parties such as social media platforms to conduct targeted advertising in which case such social media platforms may act as independent or joint controllers with us to provide such services.

3. Information We Collect

In our mission to revolutionize web testing, we collect and process the following types of data to provide you with our Services:

Types of Data	Context and Details
Identity and Contact Data	We collect identifiers, such as your name, IP address, and email address, when you sign up for an account or subscribe to receive information about our Services.
Target Web App Data	As part of onboarding, we collect information related to the customer's application that will be tested using our Services (“Target Web App(s)”) to access and interact with such app(s). Such data include Target Web App’s URL, description, and login credentials. Our Services allow you to prompt the Services in a variety of media including to the format of text, files and documents, along with the metadata and other information necessary ("Inputs"). We do not collect personal data in your Inputs unless you choose to share with us. It is your sole responsibility to identify and remove any sensitive or proprietary information within your Target Web App(s). You should take necessary measures to obscure any sensitive information or data within Target Web App(s) if you don’t want such information shared with LLMs or stored by our Services.
Third Party Web App Data	When Target Web App(s) are integrated with third-party sites, we collect similar information, including URLs and login credentials, to enable our software to perform actions equivalent to those executed within the Target Web App(s). Although we facilitate interactions with third-party sites for testing purposes, you remain responsible for the use of these sites, including adherence to their terms and privacy policies.
Webhook and Notification Data	For users who opt to initiate external processes or receive notifications about test failures via webhooks, we may collect information such as the request URL, request headers, request body, and HTTP method to configure these integrations. This enables us to send notifications to external platforms. For users who choose to receive email notifications in the event of a test failure, we collect email addresses solely for the purpose of sending these notifications.
Inputs	We collect and process a wide range of data from Inputs, which are integral to the functionality and customization of our Services. These include: Flows or Tasks: We process detailed descriptions provided by customers about specific flows or tasks within Target Web App(s), enabling precise test generation and execution. Browser Artifacts: This refers to data collected during the interaction with the Target Web App(s). This includes, but is not limited to, all web page assets and content in forms such as HTML, CSS, JavaScript, images, videos, audio, fonts, JSON, XML, and PDFs, network activity, user interactions, browser state in forms such as cookies, local storage, session storage, and cache data, performance metrics, screenshots and videos of browsing sessions, console logs, and element properties. Assertions: Customers can specify assertions (for example: "make sure that the button is visible”). Our software collects and uses similar types of data, such as screenshots and HTML, to evaluate the assertions during test generation and execution. Test Editing: Customers have the ability to manually edit tests and provide textual prompts for modifying tests. This feature allows for enhanced flexibility in test customization.
Settings Data	We collect any additional settings information customers provide to us, including viewport sizes, email addresses of others within the same organization, test suite names for test customization and access control.
Avatar / Profile Image	For personalized user experience, we allow customers to use profile images or avatar. We display this personal avatar within our Services.
Payment Information	We collect your payment information such as your credit card information if you choose to purchase our Services. We use a third-party payment processing service provider, Stripe, to handle all payment transactions. To learn more about Stripe’s privacy practices, please read: https://stripe.com/privacy. We do not control the privacy practices of third parties and our service providers may be updated at our sole discretion.
Feedback	We appreciate feedback, including ideas and suggestions for improvement, or reports of any issues you provide to us ("Feedback"). We collect Feedback through widgets on our website and our web app, through email correspondence, or through a third party service provider. We may store and/or may choose to use your Feedback pursuant to our Terms of Use.
Communication Information	If you communicate with us, including via our site or other channels, we collect your name, contact information, and the contents of any messages you send through those channels. For video communication, including our product demo sessions, we may collect video recordings, transcriptions, and/or AI analysis only if you provide us with express verbal consent at the beginning of the meeting. We do not record any meeting without your explicit approval.
Video Recordings / Streams	As part of our Services, customers can view video streams or recordings of the web app test generated and executed in the browser.
Technical Information	When you use the Services, we also receive certain technical data automatically, such as (1) device or browser information (e.g. device type, operating system information, browser information and web page referrers, mobile network, connection information); (2) usage information (e.g. dates and times of access, information about the links you click); (3) troubleshooting information (e.g. error, the time the error occurred, content provided at the time of the error); and IP addresses.
Interaction Data	We collect detailed information about your interactions with our web app to enhance our Services and generate insights. This includes data on clicks, typing, mouse movements, hovering, scrolling, submission of forms, playing media, uploading or downloading files. Additionally, we collect session recordings, which are video replays of your interactive sessions within our web app, all to improve user experience.
Cookies	We may use cookies, scripts, or similar technologies (“Cookies”) to manage Services and to collect information about you, your interactions with our website, and your use of the Services. These technologies are meant to help us personalize your experience by recognizing you and analyzing the use of our Services to make our Services more useful to you. Please read our Cookie Policy to learn more.

4. How We Use Your Information

We use your personal data for the purposes summarized in the table below. The lawful bases for processing personal data are:

(i) contract – we process your data to provide you with Services pursuant to a contract;

(ii) compliance – we are required to comply with legal or regulatory obligations;

(iii) consent – we process your data when you give us your consent; and/or

(iv) legitimate interests – we need to investigate, prevent or enforce violations of our Terms of Use including misuse of our Services, fraud, or abuse.  

 

No.	Business Purpose
1	To provide to you our Services, which are subject to our Terms of Use, including account administration and authentication of your identity before providing you with our Services
2	To generate and execute the requested web app testing
3	To facilitate and process payments for Services
4	To maintain, facilitate, and enhance any Services offered to you with respect to your account
5	To communicate with you for non-marketing purposes including sending you services-related emails, push notifications, and other messages
6	To send you marketing communications if you sign up to receive them
7	To prevent and investigate fraud, abuse, violations of our Terms of Use, unlawful or criminal activity, unauthorized access to personal data, or misuse of our systems and networks
8	To investigate and resolve any disputes or security issues
9	To respond to your inquiries or support customer requests
10	To improve our Services and user experience, develop new features, and conduct market research
11	To comply with any legal obligation or binding regulatory requests
12	To protect our legal rights and property, exercise, or defend legal claims
13	To train, improve, enhance, and modify our artificial intelligence models for enhanced functionality, accuracy, and performance

5. How We Share Information

We may share your information with third-party service providers who assist us in delivering our Services and/or for the below listed purposes. These providers are bound by confidentiality obligations and are restricted from using your data for any other purpose. Additionally, we may disclose your information if required by law or to protect our rights and safety or the rights and safety of others.

• Service Providers:  We may disclose personal data with our service providers for a variety of reasons, including website and data hosting, ensuring compliance with industry standards, research, audit, and data processing. We only share information that is absolutely necessary to obtain the services we need to provide you with our Services.

• Corporate Transactions:  If we are involved in a merger, corporate transaction, bankruptcy, or other situation involving the transfer of business assets, we may disclose your personal data as part of these corporate transactions.

• Third-Party Services:  Our Services may involve integrations with, or may direct you to, websites, apps, and services managed by third parties. By interacting with these third parties, you are providing information directly to the third party and not to us, and subject to the third party’s privacy policy. If you access third-party services, such as social media sites or other sites linked through the Services, these third-party services will be able to collect personal data about you, including information about your activity on the Services. If we link to a site or service via our website, you should read their data usage policies or other related documentation. Our linking to another site or service doesn’t mean we endorse it or speak for that third party.

• Regulatory or Legal Compliance:  We may disclose personal data to governmental regulatory authorities as required by law, including for legal, tax or accounting purposes, in response to their requests for such information or to assist in investigations. We may also disclose personal data to third parties in connection with claims, disputes or litigation, when otherwise permitted or required by law, or if we determine its disclosure is reasonably necessary to protect the health and safety of you or any other person, to protect against fraud or credit risk, to enforce our legal rights or the legal rights of others, to enforce contractual commitments that you have made, or as otherwise permitted or required by applicable law.

• Consent:  We will otherwise disclose personal data when you give us permission or direct us to disclose such information.

6. Data Retention and Security

We retain your personal data for as long as is necessary to fulfill the purposes outlined in this Privacy Policy or as otherwise authorized or permitted by law. Upon expiration of the retention period, your data will be securely deleted and we reserve the right to delete any of our data at our sole discretion. We employ reasonable security measures to protect your data from unauthorized access and breaches. This includes limiting access to your personal information to our employees and third-party providers who strictly need to have access to fulfill a legitimate purpose when providing the Services to you. We conduct due diligence in selecting third parties who may have access to your personal information. We may also use encryption for data at rest or in transit, firewalls, access controls, separation of duties, and similar security protocols.

7. Your Rights and Choices

We prioritize your privacy and are committed to transparency regarding our data collection and usage practices. You may have certain rights related to your personal information under data protection laws depending on where you are or reside in.

As of the current date, we are not subject to the regulatory frameworks established by the General Data Protection Regulation (GDPR), the Health Insurance Portability and Accountability Act (HIPAA), or the California Privacy Rights Act (CPRA). However, we are dedicated to upholding the highest standards of data privacy and protection. Should our operational scope or the relevant legal and regulatory landscapes evolve, necessitating compliance with these or any other data protection laws, we are committed to promptly adapting our practices accordingly and ensuring our full compliance with such requirements.

For U.S. residents:

This section outlines the rights and choices you may have regarding your personal information, acknowledging that specific rights may vary based on your residency and our obligations under applicable state data privacy laws. Currently, only those who are a resident of the following states within the U.S. may submit consumer requests to us: 

 

1. California
2. Colorado
3. Connecticut
4. Nevada
5. New York
6. Utah
7. Virginia

If we are not subject to data privacy laws in your state, we reserve the right to exercise reasonable discretion in responding to your requests. Your privacy rights may include the following:

• Right to Access:  You have the right to request access to the personal information we hold about you.
• Right to Correction:  You can request that we correct any inaccurate or incomplete personal information.
• Right to Erasure:  You may ask us to delete or remove your personal information in certain circumstances.
• Right to Restrict Processing:  You have the right to request that we restrict the processing of your personal information.
• Right to Data Portability:  Where applicable, you can request that we transfer your personal information to another organization.
• Right to Object:  You have the right to object to the processing of your personal information in certain situations.

​
To submit requests related to your personal information or to see if you can exercise any of the above data rights, please contact us at privacy@kaimo.ai. Include sufficient information to allow us to reasonably verify your identity or your authorization to act on behalf of an entity. We are committed to addressing your concerns promptly and transparently.

For Canadian residents:

We are not currently subject to Canadian data privacy laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws. However, we are committed to respecting privacy and will fully adhere to these laws should we provide our Services to Canadian residents. In case of conflict between our Privacy Policy and this supplemental disclosure for Canadian residents, the supplemental disclosures shall prevail in relation to residents of Canada.

• Intended Collection and Use of Personal Information:  We intend to collect personal information such as names, email addresses, and usage data to provide and improve our Services. We will ensure that we obtain express consent from our Canadian customers when collecting personal data, except where otherwise permitted by law. We will only collect information necessary for the Services and do not use personal information for purposes other than those to which you have consented.

• Disclosure of Personal Information:  We do not disclose personal information to third parties without obtaining prior consent from our customers, except as required by law. When we do share data with third-party service providers, they are bound by privacy agreements that require them to keep your information confidential and secure.

• Data Security and Retention:  We implement robust security measures to protect personal information against loss, theft, unauthorized access, disclosure, copying, use, or modification. Personal information is retained only as long as necessary to fulfill the purposes for which it was collected or as required by law.

• Access and Corrections:  Canadian residents will have the right to access personal information we hold about them and request corrections if necessary. If you wish to access or correct your personal information, please contact us at privacy@kaimo.ai. We will respond to requests within the time frame specified by Canadian law and provide information on how these requests can be made.

For UK and EU Residents:

Currently, we are not subject to the General Data Protection Regulation (GDPR) or the UK GDPR. However, we recognize the importance of privacy and data protection and are committed to achieving compliance with GDPR and/or UK GDPR should we provide Services to customers in these regions. In case of conflict between our Privacy Policy and this supplemental disclosure for UK/EU residents, the supplemental disclosures shall prevail in relation to residents of the UK/EU.

• Intended Collection and Use of Personal Information:  We intend to collect personal information such as names, email addresses, and usage data to provide and enhance our Services. We will ensure that all data collection and processing is done in accordance with GDPR principles, which require transparency, lawful basis for processing, data minimization, and purpose limitation. We will obtain explicit consent from our customers for collecting and processing their data, except where we can rely on another lawful basis.

• Future Disclosure of Personal Information:  We will not disclose personal information to third parties without obtaining prior consent from our customers, except as required by law or on other lawful grounds permitted under GDPR or UK GDPR. Any transfer of data outside the UK or EU will be conducted in compliance with GDPR/UK GDPR transfer mechanisms to ensure the security and privacy of personal data.

• Data Security and Retention Plans:  We will implement robust security measures to protect personal information against unauthorized access, loss, theft, and other potential risks. Personal information will be retained only as long as necessary to fulfill the purposes for which it was collected or as otherwise required by law.

• Rights of Data Subjects:  Residents of the UK/EU will have specific rights under applicable UK GDPR/EU GDPR including the right to access, correct, delete, or restrict processing of their personal data, the right to object to processing, and the right to data portability. Requests to exercise these rights can be directed to privacy@kaimo.ai, and we will respond within the legally specified time frames.

For Australia and New Zealand Residents:

While we are not currently governed by the Australian Privacy Act 1988 or the New Zealand Privacy Act 2020, we recognize the significance of privacy and data protection and are committed to adhering to these frameworks should we extend our Services to customers in these regions. In the event of any discrepancies between our Privacy Policy and this supplemental disclosure for Australian and New Zealand residents, the supplemental disclosures shall take precedence for residents of Australia and New Zealand.

• Intended Collection and Use of Personal Information:  We plan to collect personal information such as names, email addresses, and usage data to deliver and improve our Services. We will ensure that all data collection and processing is conducted in accordance with principles similar to those in the Australian Privacy Principles (APPs) and the New Zealand Information Privacy Principles (IPPs), which emphasize transparency, lawful processing, data minimization, and purpose limitation. We will obtain explicit consent from our customers for collecting and processing their data, except where we can rely on another lawful basis.

• Future Disclosure of Personal Information:  We will not disclose personal information to third parties without obtaining prior consent from our customers, except as required by law or on other lawful grounds permitted under Australian or New Zealand law. Any transfer of data outside Australia or New Zealand will be conducted in compliance with respective national laws to ensure the security and privacy of personal data.

• Data Security and Retention Plans:  We will implement robust security measures to protect personal information against unauthorized access, loss, theft, and other potential risks. Personal information will be retained only as long as necessary to fulfill the purposes for which it was collected or as otherwise required by law.

• Rights of Data Subjects:  Residents of Australia and New Zealand will have specific rights under their respective national laws, including the right to access, correct, delete, or restrict processing of their personal data, the right to object to processing, and in some contexts, the right to data portability. Requests to exercise these rights can be directed to privacy@kaimo.ai, and we will respond within the legally specified time frames.

8. Nondiscrimination

We will not discriminate against you if you decide to exercise your privacy rights. We will not deny our Services, charge different prices, or provide different levels of Services based on your exercise of your privacy rights.

9. No Children

Our Services are not intended for children under the age of 18, and we do not knowingly collect, use, disclose, sell, or share any information about children under this age. If you become aware that a child under 18 has provided personal data to us while using our Services, please contact us at privacy@kaimo.ai, and we will promptly investigate the issue. Where applicable, we will take steps to delete such personal data.

10. Changes to this Policy

We will review our Privacy Policy regularly and maintain compliance with all applicable laws as our business grows. We may update our Privacy Policy from time to time at our sole discretion to reflect changes in our practices or for other operational, legal, or regulatory reasons. Changes will be effective immediately upon posting to our website. We encourage you to review this Privacy Policy periodically for the latest information on our privacy practices. Any changes to this Privacy Policy will become effective when posted on our website. ​

11. Contact

For any questions or concerns regarding this Privacy Policy or our data protection practices, please contact us at privacy@kaimo.ai.