Last updated: March 26, 2026
Zantiq, Inc. ("Zantiq," "we," "us," or "our") operates the Zantiq platform, including our website at zantiq.io, our dashboard, our API, and all related services (collectively, the "Service"). Zantiq is an AI-powered testing platform that provisions real online identities to automate end-to-end testing of web applications.
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, create an account, use our dashboard, access our API, or otherwise interact with the Service. It applies to all users of the Service, including free and paid subscribers, and to anyone who visits our website.
By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.
We collect several categories of information to provide and improve the Service. The specific data we collect depends on how you interact with our platform.
When you create an account, we collect your name, email address, and profile picture. We support authentication via GitHub OAuth and Google OAuth, through which we receive your profile information and email address from those providers. We do not collect or store your GitHub or Google passwords.
Payment processing is handled entirely by Stripe. When you subscribe to a paid plan, your payment information (credit card numbers, bank account details) is collected and processed directly by Stripe. We never see, receive, or store your full card numbers. We receive only a summary from Stripe, including the last four digits of your card, the card brand, expiration date, and billing address for invoice and tax purposes.
When you use the Service, we collect and process the test instructions you provide, the target URLs and domains you specify, your test configurations and parameters, the test reports and results generated by the platform, and any screenshots or recordings captured during test execution. This data is necessary to operate the Service and deliver test results to you.
As part of the Service, we provision real online identities for automated testing. This includes email accounts, phone numbers, social media profiles, browser profiles, and virtual payment cards created on your behalf and solely for testing purposes. This identity data is generated and managed by the platform and is not derived from real individuals. See Section 5 (Tester Identity Data) for detailed information about how this data is handled.
We automatically collect information about how you use the Service. This includes the pages and features you access, the number of tests you run, the number of API calls you make, timestamps of your interactions, and general usage patterns. This data helps us understand how the Service is used and how we can improve it.
When you access the Service, we automatically collect information about your device, including your browser type and version, operating system, IP address, and approximate geographic location derived from your IP address. This information helps us provide a secure and optimized experience.
We use essential cookies only. Specifically, we use a session cookie to maintain your authenticated session when you are logged in. We do not use advertising cookies, marketing cookies, or third-party tracking cookies. See Section 12 (Cookies) for full details.
We use PostHog for product analytics with privacy-preserving defaults enabled. PostHog is configured to anonymize IP addresses and operates in a cookie-free mode by default. We use analytics data in aggregate to understand product usage and improve the Service.
We use the information we collect for the following purposes:
Zantiq uses artificial intelligence to power its automated testing capabilities. We believe in transparency about how AI is used in our Service and how your data interacts with AI systems.
AI Provider:Test instructions and related context are processed by Anthropic's Claude API to generate and execute test plans. Anthropic acts as a data processor on our behalf and processes your data solely to provide the service to us.
No model training: Anthropic does not use customer data submitted through our Service for training or improving their AI models. Your test instructions, results, and data are not used as training data by Anthropic or by Zantiq.
AI-generated content: Test results, reports, and analysis generated by the Service are produced by AI. While we strive for accuracy, AI-generated outputs may contain inaccuracies, errors, or incomplete information. You should review and verify test results before making decisions based on them.
AI-generated personas: The tester identities (names, biographical details, preferences) created by the platform are entirely AI-generated. They are synthetic personas and are not based on, derived from, or modeled after any real individuals.
Our own models: We do not use your data to train our own AI models. Any data analysis we perform for product improvement uses only aggregated and anonymized data that cannot be linked back to individual users or their test data.
This section provides detailed information about how we handle the online identities provisioned for automated testing. Given the sensitive nature of this data, we apply heightened security and isolation measures.
Tester identities are created solely for the purpose of automated testing. Each identity consists of components such as email accounts, phone numbers, browser profiles, social media accounts, and virtual payment cards. These identities are synthetic and AI-generated — they do not represent or impersonate real people.
All tester identity data is strictly isolated per customer. There is no cross-customer data access. Your tester identities, credentials, and associated data are accessible only to your account and cannot be viewed, accessed, or used by any other customer of the Service.
Tester identity credentials are encrypted at rest using AES-256 encryption with per-tester derived keys. This means that even in the unlikely event of a data breach, credentials for one tester cannot be used to decrypt credentials for another. Encryption keys are managed through a secure key derivation process and are never stored alongside the encrypted data.
Tester identity components are provisioned through the following third-party providers, each of which is subject to their own privacy policy:
When a tester is terminated (either by you or automatically), all associated identity components are deprovisioned within 24 hours. This includes releasing phone numbers, closing email accounts, deleting browser profiles, and closing virtual cards. After deprovisioning, the identity data cannot be recovered.
SMS messages received on tester phone numbers and emails received in tester inboxes are used exclusively for the purpose of test execution (for example, to retrieve verification codes or confirm email addresses). This content is never shared with third parties, never used for marketing purposes, and is deleted in accordance with our data retention schedule.
We take the security of your data seriously and implement industry-standard technical and organizational measures to protect it. Our security practices include:
Despite our efforts, no method of transmission over the Internet or method of electronic storage is completely secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
We retain your data only for as long as necessary to fulfill the purposes described in this Privacy Policy or as required by law. Our specific retention periods are as follows:
Depending on your jurisdiction, you may have specific rights regarding your personal information. We are committed to honoring these rights regardless of where you are located, to the extent practicable.
If you are located in the European Economic Area or the United Kingdom, you have the following rights under the General Data Protection Regulation:
If you are a California resident, you have the following rights under the California Consumer Privacy Act:
To exercise any of the rights described above, please contact us at privacy@zantiq.io. Please include sufficient information for us to verify your identity and specify which right you wish to exercise.
We will respond to your request within 30 days of receipt. If we need additional time (up to 60 days total), we will notify you of the extension and the reason for it. There is no charge for submitting a request, unless the request is manifestly unfounded, excessive, or repetitive, in which case we may charge a reasonable fee or decline the request.
Zantiq is based in the United States. If you access the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate. These countries may have data protection laws that are different from the laws of your country.
For transfers of personal data from the European Economic Area (EEA) and the United Kingdom to the United States, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission and the UK Information Commissioner's Office, as applicable. These clauses provide appropriate safeguards to ensure that your data is protected to the standard required by GDPR Article 46.
We ensure that all our service providers who process personal data on our behalf implement adequate safeguards for international data transfers. A Data Processing Agreement (DPA) is available upon request by contacting privacy@zantiq.io.
The Service is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children under 18. We do not target the Service to minors and do not knowingly allow anyone under 18 to create an account.
If we become aware that we have inadvertently collected personal information from a person under 18, we will take immediate steps to delete that information from our systems. If you believe that we may have collected information from a child under 18, please contact us immediately at privacy@zantiq.io so that we can take appropriate action.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will update the "Last updated" date at the top of this page.
For material changes that significantly affect how we collect, use, or share your personal information, we will provide at least 30 days' advance notice. This notice will be provided via email to the address associated with your account and through a prominent notice on the Service.
Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. If you do not agree with the changes, you should stop using the Service and close your account before the changes take effect.
Previous versions of this Privacy Policy are available upon request by contacting privacy@zantiq.io.
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us using the appropriate channel below:
If you are located in the European Economic Area or the United Kingdom and believe that our processing of your personal data violates applicable data protection law, you have the right to lodge a complaint with your local supervisory authority (data protection authority). You can find your local authority at edpb.europa.eu for EU authorities or contact the Information Commissioner's Office (ICO) for the United Kingdom.
We encourage you to contact us first so that we can try to resolve your concern directly.