This policy explains what data Certyn collects, how we use it, how long we keep it, and how our autonomous browser sessions and evidence systems affect your data.
Last updated: March 26, 2026
Certyn provides AI-powered QA workflows that run automated browser sessions against applications you choose. This Privacy Policy applies to our website, product, support operations, and related services.
Important
Certyn operates automated agents that interact with your application in real browser environments and may record those sessions.
Depending on what your application displays during a run, recordings and artifacts may contain personal data, confidential business information, test access values entered at runtime, support messages, or internal system details.
We collect the following categories of information.
We use information to provide and operate Certyn, including to:
Model Use
Certyn does not use customer execution data for model training by default. If we ever want to use customer content for model training or broader model-improvement purposes, we will do so only under a separate agreement, opt-in, or clearly disclosed consent flow.
Certyn may use autonomous agents to navigate your application, click, type, scroll, submit forms, and perform other actions needed to execute tests or exploratory workflows. Those actions can have real effects inside the environments you point us at.
When a run is active, Certyn may generate or store:
Artifacts are intended to help you verify what happened. They can be viewed by authorized users in your workspace and by Certyn personnel who need access for support, abuse prevention, or security work.
You may provide shared test login details, API keys, tokens, or other test access values to allow Certyn to access your testing environments. We use that information to run the workflows you request.
We do not sell personal information. We share data only as needed to operate Certyn, comply with law, or protect the service and our users.
Our public vendor list is available on the Subprocessors page. If you need processor terms for EU or UK transfers, review our DPA summary or contact us.
Certyn's standard retention target for execution artifacts such as screenshots, conversation archives, console/network logs, and optional session video is 30 days unless a different retention period applies under your contract, workspace configuration, legal obligation, or documented incident handling need.
We may retain account records, subscription records, support communications, audit logs, and legally required business records for longer periods where necessary to provide the service, resolve disputes, prevent abuse, or comply with law.
We use technical and organizational measures designed to protect customer data, including:
Additional product detail is available on the Security & Trust page.
Certyn is intended for use by a U.S. company and may process data in the United States and other countries where our subprocessors operate. Where required, we use contractual and organizational transfer mechanisms, including standard contractual clauses or similar terms, for cross-border personal data transfers.
Depending on your location, you may have rights to access, correct, delete, export, or restrict processing of your personal data.
Certyn uses essential authentication/session technologies and, where enabled by your consent, analytics technologies such as PostHog. Our cookie controls and analytics behavior are described in the Cookie Policy.
Questions, requests, or complaints about privacy or data handling can be sent to privacy@certyn.io.
If you need a signed DPA, subprocessor notice, or security review package, contact legal@certyn.io.
