Privacy Policy

Summary

This page describes what data Detektra collects, why we collect it, who we share it with, and the choices you have. Plain-language section first, full detail below.

On this website we capture anonymous pageview data so we know which content and campaigns work. We do not record sessions, fingerprint browsers, or sell data. We rely on a small number of third-party providers to operate the service. They are listed by category below, and a current vendor list is available on request.

What we collect when you visit the website

When you visit any public page of this site (this page, the home page, anything not behind a login), we capture an anonymous pageview event with the following properties:

• URL and referrer: the page you visited and which site, if any, sent you to us.
• Browser, device, and locale signals: browser name and version, operating system, device type (desktop, mobile, or tablet), screen and viewport size, and preferred language. Browser, OS, and device type are derived from your browser's user-agent string. Screen size, viewport size, and language are read from standard browser APIs (window.screen, window.innerWidth/Height, navigator.language).
• Approximate location: country, region, and city, derived from your IP address before the raw IP is dropped from the event. We do not intentionally retain raw IP addresses within our analytics dataset. IP addresses may still be processed transiently by hosting, CDN, or security-monitoring infrastructure for routing and abuse prevention.
• Campaign attribution: if you arrive via a link with UTM parameters or an ad-network click identifier (Google, LinkedIn, Twitter/X, Meta, TikTok, etc.) in the URL, we keep those values on the event so we know which campaign worked.

We do not record clicks, form inputs, or session recordings. We do not run heatmaps. We do not associate this data with any account, name, or email. There is no "identify" step on this website.

To recognize a returning anonymous visitor (so "unique visitor" counts and return-visit metrics are meaningful), our analytics layer stores a randomly-generated identifier in your browser's localStorage. The identifier is not associated with you personally. You can clear it at any time via your browser's site-data controls.

We use "anonymous" throughout this page to mean we do not link this data to your name, email, or account. Under some legal regimes, notably EU GDPR and Quebec Law 25, the combination of a persistent identifier, browser and device metadata, and approximate location may still be classified as pseudonymous personal data. We treat it under that framing for compliance purposes regardless of the colloquial label.

If your browser sends a Do Not Track signal, our analytics SDK reads the signal and, where supported, suppresses event capture for your visit. DNT support varies across browsers and may not cover every downstream service.

What we collect from the waitlist

If you join the waitlist, we collect your email address and any other information you choose to provide in the form. We use it to:

• Send you launch updates and beta invitations.
• Occasionally ask for feedback as we build the product.

We do not sell or share waitlist data with third parties beyond our email-delivery provider. You can unsubscribe from any email we send, or ask us to delete your record entirely. See the Your rights section below.

What we collect if you create an account

Account creation is currently limited to private beta and is not yet available on the public website. When account signup opens, the data captured at signup will include: email address, a hashed password (or single sign-on provider profile if you use SSO), and a display name. Once you start using the product, project-level data you create within Detektra (such as test scenarios, configurations, and run results) is associated with your account.

We will update this policy with the full account-data details before opening signup to the public.

Who has access to your data

We use a small number of third-party services ("sub-processors") to run Detektra. They process data on our behalf under their own privacy and security commitments. By category, they cover:

• Analytics: anonymous pageview events from this website.
• Email delivery: transactional and waitlist email.
• Hosting and infrastructure: running the application and its supporting services.

A current list of named sub-processors is available on request at the contact address below. We do not sell personal data. We do not share personal data with advertisers, data brokers, or anyone outside our sub-processors, except where required by law.

Where your data is stored

Our sub-processors store the data described above on infrastructure located in the United States. If you're visiting from outside the United States, your data is transferred to and processed in the United States. Where required by law, this transfer relies on standard contractual clauses or equivalent safeguards.

Security

We aim to follow reasonable, generally-accepted practices for protecting the data we hold:

• Traffic between your browser and our services is encrypted with HTTPS.
• Administrative access to our analytics, email-delivery, and hosting providers is restricted to authorized members of our team and protected by multi-factor authentication where the provider supports it.
• We evaluate each sub-processor for its own published security and privacy posture before relying on it, and we review that posture periodically.

No service can guarantee perfect security. If we ever discover unauthorized access to personal data we hold, we will notify affected users and applicable regulators as required by law.

How long we keep your data

Anonymous pageview events: retained under our analytics provider's configured retention period.

Waitlist email addresses: kept until you ask us to delete them or until we launch and you decline to convert to an account.

Account data: account creation is not yet available on the public website, so we do not currently hold any account data. Specific retention rules (active-account retention, post-closure grace period, and the deletion process) will be added to this policy before account signup opens to the public.

Legal bases for processing

Where EU or UK data-protection law applies (GDPR and UK GDPR), we rely on one or more of the following lawful bases:

• Legitimate interests: operating, securing, and improving the website and the service. This covers the anonymous analytics described above and basic abuse prevention. You can object via the mechanisms in the next section.
• Consent: where required by law (for example, EU, UK, and Quebec visitors once the planned consent banner is in place) before non-essential tracking technologies are loaded.
• Performance of a contract: account creation, authentication, and service delivery to account holders.
• Legal obligations: where we are required to retain or disclose information by applicable law.

Your rights

Depending on where you live, you may have one or more of the following rights over data we hold about you:

• Access: request a copy of the data we hold.
• Correct: ask us to fix inaccuracies.
• Delete: ask us to delete your data.
• Object: opt out of analytics or marketing communications.
• Portability: receive a machine-readable copy of your data.

Specific regimes that apply: EU and UK GDPR for residents of the European Economic Area and the United Kingdom, Quebec Law 25 for Quebec residents, PIPEDA and provincial equivalents for the rest of Canada, CCPA and CPRA for California residents.

To exercise any of these rights, email [email protected] from the address associated with your record. We will respond within 30 days.

To opt out of analytics on this website, enable Do Not Track in your browser (suppression then applies where the analytics SDK supports it), clear localStorage for this site to remove the anonymous identifier, or email the address above to request deletion of any data we hold about you.

Cookies and similar technologies

We do not intentionally set advertising or behavioral-tracking cookies. The anonymous analytics identifier described above is stored in localStorage, which is per-site and per-browser. Account areas of the product use first-party session cookies that are strictly necessary for authentication. Hosting, CDN, and security infrastructure may also set or read cookies for routing, rate limiting, and abuse prevention. Clearing your browser's site data removes all of the above on your device.

Children's privacy

This service is not directed to children under 16, and we do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us at the address below and we will delete the information promptly.

Business transfers

If Detektra is involved in a merger, acquisition, financing round that requires data-sharing diligence, or sale of all or part of its assets, the data described in this policy may be transferred as part of that transaction. Any successor entity will be bound by the commitments in this policy, or will provide notice and an opportunity to object before changes take effect.

Changes to this policy

If we materially change how we collect or use data, we will update the "Last updated" date at the top of this page and, if you have an account or are on the waitlist, notify you by email before the change takes effect.

Contact

Privacy questions, data-access requests, or complaints can be sent to [email protected].