Your data, in plain language.

QAShift ("QAShift", "we", "us") provides AI-assisted, human-verified QA testing as a service. This policy explains what personal data we process when you visit qashifthq.com, submit a form, or run a pilot with us, and the choices you have.

For any privacy question, or to exercise a right described below, email privacy@qashifthq.com — a human replies, usually within two business days.

Information you give us: your name, work email, company, and anything you type into our pilot, contact, careers, newsletter, or book-a-call forms. If you apply to a role, the resume and links you submit.

Information we collect automatically: basic, privacy-respecting analytics such as pages visited and approximate region. We do not sell this data and we do not run advertising trackers.

Engagement data (pilot/paid customers only): the repository, CI, and staging access you explicitly grant, plus the test artifacts our service produces. This is governed by your contract and DPA, not just this policy.

To respond to you, run your pilot, deliver the service, send the reports and emails you asked for, and meet our legal and security obligations. We process this data because you asked us to (consent) or because it is necessary to provide a service you requested (contract).

We do not use your data to train public AI models, and we never sell it.

A short list of processors that help us operate: our email provider (Resend) to deliver transactional and notification emails, our database/hosting providers (Supabase, Vercel) to store form submissions and serve the site, and our analytics provider. Each is bound by its own data-processing terms.

We disclose data if required by law, and to protect the rights, safety, or property of QAShift, our customers, or the public. We never share your repository or test data outside the named engineers on your engagement.

Form submissions and correspondence are retained while we are in contact and for a reasonable period after, then deleted. Test artifacts (screenshots, videos, traces) are retained for 90 days, then hard-deleted. On contract termination we provide a full export and delete our copies within 30 days.

Under GDPR and India’s DPDP Act you can access, correct, export, or delete your personal data, and withdraw consent at any time. Email privacy@qashifthq.com and we will act on verified requests within statutory timelines.

You can unsubscribe from any marketing email using the link in its footer; transactional emails tied to an active engagement are not marketing.

All traffic is encrypted in transit (TLS 1.2+). Secrets are stored in a scoped vault, never in logs. Our security practices are described in detail on our Security & Trust page. Data may be processed in regions where our providers operate; we rely on standard contractual safeguards for cross-border transfers.

We will update this page when our practices change and revise the date below. Material changes affecting active customers will also be sent by email.