Legal

Privacy Policy

Last updated: April 10, 2026

1. Introduction

Adverant Limited ("Adverant", "we", "us", or "our"), a company registered in Dublin, Ireland, operates the NexusQA platform ("Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your name, email address, company name, and job title. This information is required to provision your organization within the platform.

2.2 Usage Data

We collect information about how you interact with NexusQA, including: test suites created, test runs executed, tickets filed, quality metrics generated, and feature usage patterns. This data is used to improve the platform and provide you with quality scorecard analytics.

2.3 Test Data

NexusQA processes test artifacts including screenshots, Playwright traces, rrweb session recordings, and test results. These are stored in MinIO object storage with organization-prefixed keys ensuring tenant isolation. We do not inspect, analyze, or use your test data for purposes other than providing the Service.

2.4 AI Processing Data

When NexusQA uses AI services for triage, remediation planning, or test generation, your code context and bug reports are sent to the AI provider configured by your organization (Gemini, Claude, or OpenRouter). NexusQA does not store AI conversation logs beyond the structured outputs (triage classifications, remediation plans, gate verdicts) that are stored in GraphRAG as part of the audit trail.

3. How We Use Your Information

We use collected information to:

  • Provide, maintain, and improve the NexusQA platform
  • Process your transactions and send service notifications
  • Generate quality metrics and scorecard analytics for your organization
  • Respond to your support requests and demo inquiries
  • Send product updates and security advisories (you can opt out)
  • Detect, prevent, and address technical issues and security threats

4. Data Storage and Security

All data is encrypted at rest using AES-256 and in transit using TLS 1.3. Database tables use PostgreSQL Row Level Security with organization-scoped policies. API keys and credentials are stored encrypted in the auth database and decrypted on demand. Inter-service communication uses Istio mTLS.

5. Data Retention

Active account data is retained for the duration of your subscription. Test run results are stored in monthly-partitioned tables and retained for 24 months. Upon account cancellation, you have 30 days to export your data via the API. After 30 days, all data including MinIO objects, PostgreSQL records, and GraphRAG entities are permanently deleted.

6. Data Sharing

We do not sell, trade, or rent your personal information. We share data only in these circumstances:

  • AI Providers: Code context is sent to your configured AI provider for processing. This is controlled by your organization's AI provider settings.
  • Service Providers: We use infrastructure providers (cloud hosting, CDN) that may process data on our behalf under strict data processing agreements.
  • Legal Requirements: We may disclose information if required by law, court order, or governmental regulation.

7. GDPR Compliance

For users in the European Economic Area (EEA), we process personal data under the legal bases of contract performance (providing the Service), legitimate interests (improving the platform), and consent (marketing communications). You have the right to access, rectify, erase, restrict processing, and port your data. Contact [email protected] to exercise these rights.

8. Cookies

NexusQA uses essential cookies for authentication and session management. We also use analytics cookies (with your consent) to understand usage patterns. You can manage cookie preferences through the cookie consent banner. Essential cookies cannot be disabled as they are required for the Service to function.

9. Children's Privacy

NexusQA is not intended for use by anyone under 16. We do not knowingly collect information from children under 16.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance.

11. Contact Us

For privacy-related questions or to exercise your data rights: