AWT Cloud

Privacy Policy

Last updated: February 24, 2026

1. Overview

AWT Cloud ("the Service") is operated by AWT ("we", "us", or "our"). This Privacy Policy explains what data we collect, how we use it, and your rights regarding your data.

2. Data We Collect

2.1 Account Information

  • Email address (used for authentication and notifications)
  • Authentication tokens (managed by Supabase Auth)
  • Subscription tier and billing status

2.2 Test Data

  • Target URLs you submit for testing
  • AI-generated test scenarios (YAML)
  • Test execution results and screenshots
  • Uploaded reference documents (PDF, DOCX, MD, TXT)
  • Console logs captured during test execution

2.3 AI API Keys (BYOK)

If you choose to provide your own AI API key, it is encrypted using Fernet symmetric encryption (AES-128-CBC with HMAC-SHA256) before being stored in our database. The encryption key is stored as a server environment variable and is never exposed to clients or included in API responses. We only decrypt your key server-side when making AI API calls on your behalf.

2.4 Usage Data

  • API request logs (IP address, timestamp, endpoint)
  • Test execution counts and timing
  • Error logs for debugging and service improvement

3. How We Use Your Data

  • Service delivery: Running tests, generating scenarios, producing reports
  • Authentication: Verifying your identity and managing sessions
  • Billing: Tracking usage against plan limits
  • Service improvement: Analyzing usage patterns and fixing bugs
  • Communication: Sending service-related notifications

4. Data Storage and Security

  • Database: PostgreSQL hosted on Supabase (AWS ap-northeast-2, Seoul region)
  • Backend: Hosted on Render with HTTPS encryption in transit
  • Frontend: Hosted on Vercel with global CDN
  • Screenshots: Stored temporarily on the backend server; deleted after 7 days
  • API keys: Fernet-encrypted at rest (see Section 2.3)

All data is transmitted over HTTPS/TLS. We use industry-standard security practices but cannot guarantee absolute security.

5. Third-Party Services

We use the following third-party services that may process your data:

  • Supabase — Authentication and database hosting
  • Render — Backend application hosting
  • Vercel — Frontend hosting
  • Lemon Squeezy — Payment processing (paid plans only)
  • OpenAI / Anthropic — AI scenario generation (server default or your BYOK key)
  • Sentry — Error tracking (optional, if configured)

When you use the server default AI provider, test URLs and page content are sent to the AI provider for scenario generation. When you use BYOK, the same data is sent using your own API key.

6. Data Retention

  • Test results: Retained until you delete them or close your account
  • Screenshots: Automatically deleted after 7 days
  • Uploaded documents: Retained until you delete them
  • Account data: Deleted within 30 days of account closure
  • Server logs: Retained for up to 30 days

7. Your Rights

You have the right to:

  • Access your data through the dashboard and API
  • Delete your test data, documents, and API keys at any time
  • Export your test scenarios (YAML) and results (JSON)
  • Close your account and request full data deletion
  • Withdraw your BYOK API key at any time via Settings

8. Cookies

We use essential cookies and local storage for authentication (Supabase session tokens). We do not use tracking cookies or third-party analytics cookies.

9. Children's Privacy

The Service is not intended for users under 16 years of age. We do not knowingly collect data from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification. The "Last updated" date at the top indicates the latest revision.

11. Contact

For privacy-related questions or data deletion requests, contact us at awt.dev.team@gmail.com.