Your privacy matters

Privacy Policy

We believe in transparency. This policy explains how Rock Smith collects, uses, and protects your information.

Effective Date: October 1, 2025

Welcome

Rock Smith ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and safeguard your personal information when you use our AI-powered QA testing platform, including our web dashboard and desktop application.

We've written this policy in plain language to make it as clear as possible. If you have any questions, please reach out to us at contact@rocksmith.ai.

What Data We Collect

Account Information

When you create an account, we collect:

  • Email address (required for authentication and communication)
  • Full name (first and last name)
  • Profile photo (optional)
  • Password (hashed and never stored in plain text)

Billing & Payment Information

When you subscribe or purchase credits, we collect:

  • Billing details (name, billing address)
  • Payment information (processed and stored securely by Stripe - we never store your complete credit card details)
  • Transaction history (subscriptions, credit purchases, usage)
  • Credit balance and usage (to track your available testing credits)

Testing & Usage Data

When you run tests through our platform, we collect:

  • Test configuration (URLs tested, test type, settings, timestamps)
  • Test results (issues detected, severity levels, WCAG violations, performance metrics)
  • Screenshots (visual captures of detected issues for documentation purposes)
  • Generated reports (HTML, JSON, Markdown, and XML formats)

Important Security Note: Our hybrid desktop-cloud architecture means your website's sensitive content never leaves your local machine. The desktop app runs tests locally on your computer, and only test results and screenshots are sent to our cloud servers for AI analysis. Your actual website HTML, JavaScript, and backend code stay completely private on your machine.

Analytics & Usage Information

To improve our platform, we automatically collect:

  • Usage patterns (pages viewed, features used, button clicks)
  • Device information (browser type, operating system, screen resolution)
  • Performance data (page load times, error logs)
  • Session information (login times, session duration)

We use PostHog for privacy-friendly product analytics. You can opt out of analytics tracking in your account settings.

AI & Token Usage Data

To optimize costs and performance, we track:

  • AI model usage (which models process your tests)
  • Token consumption (API usage for cost analysis and optimization)
  • Processing times (to improve AI performance)

Token usage data is automatically deleted after 90 days.

How We Use Your Data

Provide Our Services

We use your data to run tests, generate reports, manage your account, process payments, and deliver the core functionality of our platform.

AI Analysis

Your test results and screenshots are processed by AI models to detect accessibility, responsiveness, and performance issues with high accuracy.

Communication

We send you essential emails about your account, test results, billing updates, and important service announcements. We won't spam you.

Improvement & Analytics

We analyze usage patterns to improve our platform, fix bugs, optimize performance, and develop new features that users actually need.

Security & Fraud Prevention

We monitor for suspicious activity, prevent unauthorized access, and protect against fraud and abuse of our platform.

Legal Compliance

We use your data to comply with legal obligations, respond to lawful requests, and enforce our terms of service.

Data Storage & Security

We take security seriously

Your data is protected using industry-standard security measures, including encryption at rest and in transit, secure authentication protocols, and regular security audits.

Encryption

All data is encrypted in transit using TLS/SSL and at rest using AES-256. Your password is hashed using the industry-standard bcrypt algorithm and never stored in plain text.

Access Controls

We implement strict access controls using row-level security policies. You can only access your own data, and our team has minimal access only when necessary for support.

Infrastructure

We use Supabase for database hosting and storage, which provides enterprise-grade infrastructure with automatic backups, point-in-time recovery, and a 99.9% uptime SLA.

Secure Testing

Our hybrid desktop-cloud architecture uses one-time authentication tokens that automatically expire, ensuring secure communication without exposing sensitive credentials.

Data Retention

We retain your data for different periods based on its type:

  • Account data: Retained until you delete your account
  • Test results: Retained indefinitely unless you delete them
  • Token usage data: Automatically deleted after 90 days
  • PAYG credits: Expire after 1 year from purchase date
  • Billing records: Retained for 7 years for tax and legal compliance

Third-Party Services

We work with trusted partners to deliver our services

Supabase

What they do: Database hosting, authentication, and file storage

What we share: All user data, test results, and uploaded files

Stripe

What they do: Payment processing and subscription management (PCI DSS Level 1 certified)

What we share: Billing information, payment details, subscription data

PostHog

What they do: Privacy-friendly product analytics and feature flagging

What we share: Anonymized usage data, page views, feature interactions

Resend

What they do: Transactional email delivery

What we share: Email addresses and message content for account notifications and reports

AI Service Providers

What they do: Provide large language models for AI-powered test analysis

What we share: Test results, screenshots, and issue descriptions for AI analysis (no sensitive website source code)

Important: We never sell your data to third parties. We only share data with service providers who help us deliver our platform, and they're contractually obligated to protect your information.

Your Privacy Rights

You're in control of your data

GDPR & CCPA Rights

If you're in the European Union or California, you have specific rights under GDPR and CCPA regulations:

🔍 Right to Access

Request a copy of all personal data we hold about you. We'll provide it in a portable, machine-readable format.

✏️ Right to Correction

Update or correct your personal information directly in your account settings or by contacting us.

🗑️ Right to Deletion

Request deletion of your account and associated data. We'll permanently delete it within 30 days (except data we're legally required to retain).

📤 Right to Data Portability

Export your data in JSON, CSV, or other machine-readable formats to move to another service.

🚫 Right to Object

Object to certain types of data processing, including direct marketing and analytics tracking.

⏸️ Right to Restriction

Request that we limit how we process your data while you dispute its accuracy or lawfulness.

How to Exercise Your Rights

To exercise any of these rights, email us at contact@rocksmith.ai with the subject line "Privacy Rights Request." We'll respond within 30 days.

You can also manage most of your data directly in your account settings, including downloading test reports and deleting test results.

Cookies & Tracking Technologies

We use cookies and similar technologies to make our platform work and understand how you use it.

Essential Cookies

Required for: Authentication, security, session management

Can you opt out? No - these are necessary for the platform to function.

Analytics Cookies

Used for: Understanding usage patterns, improving features, fixing bugs

Can you opt out? Yes - disable analytics in your account settings.

Functional Cookies

Used for: Remembering preferences, theme settings, UI state

Can you opt out? Yes - though your experience may be degraded.

Note: We don't use advertising or marketing cookies. We don't track you across other websites. Our analytics are focused solely on improving Rock Smith, not targeting you with ads.

Children's Privacy

Rock Smith is a business-to-business (B2B) platform designed for professional QA teams and developers. Our services are not directed at children under the age of 16.

We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child, please contact us immediately at contact@rocksmith.ai and we'll delete it promptly.

Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other operational needs.

How We'll Notify You

  • Material changes: We'll email you at least 30 days before the changes take effect
  • Minor updates: We'll update the "Effective Date" at the top of this page
  • In-app notification: You'll see a banner when you log in after we make changes

Your continued use of Rock Smith after changes take effect means you accept the updated policy. If you don't agree with the changes, you can delete your account at any time.

Questions About Privacy?

We're here to help

If you have questions, concerns, or requests regarding this privacy policy or how we handle your data, please don't hesitate to reach out:

contact@rocksmith.ai

For privacy-specific inquiries, use subject line: "Privacy Inquiry"

We typically respond to privacy requests within 1-2 business days and will resolve your request within 30 days as required by law.