Privacy Policy

Last updated: June 13, 2025

Ophyx is committed to protecting your privacy and personal data. This policy explains in detail how we collect, use, store, and protect your information when you use our AI-powered testing automation platform.

1. Data Controller Information

Ophyx operates as a Software-as-a-Service (SaaS) platform providing AI-powered test automation and workflow management services. We are the data controller responsible for your personal information.

Company: Ophyx

Address: Cité les pins, Rue de la fleur d'érable, Tunis 1053, Tunisia

Email: [email protected]

Business Registration: Registered in Tunisia

2. Types of Data We Collect

We collect different types of personal data to provide you with our AI-powered testing automation services. Here's a comprehensive overview of what we collect and why:

2.1 Account and Identity Data

  • Full Name: Used to personalize your experience, display in your profile, and for account identification purposes
  • Email Address: Required for account creation, login authentication, service communications, support requests, and security notifications
  • Phone Number: Optional but helpful for account security verification, urgent support issues, and two-factor authentication if enabled
  • Username: Your unique identifier within our platform for project collaboration and sharing
  • Profile Information: Any additional information you choose to add to your profile, including profile pictures and bio

2.2 Technical and Usage Data

  • IP Address: Collected for security purposes, fraud prevention, geographic analysis, and to comply with legal requirements
  • Browser Information: Browser type, version, and settings to optimize our service compatibility and user experience
  • Device Information: Operating system, device type, screen resolution, and hardware specifications to ensure optimal performance
  • Navigation Data: Pages visited, time spent on each page, click patterns, and user interactions to improve our interface and user experience
  • Session Data: Login times, session duration, and activity patterns for security monitoring and service optimization
  • Performance Metrics: Page load times, API response times, and error rates to maintain and improve service quality

2.3 Platform-Specific Data

  • Test Configurations: Your automated test setups, including URLs, test scenarios, parameters, and custom scripts you create
  • Execution Results: Test outcomes, performance metrics, error logs, screenshots, and execution history for analysis and reporting
  • Workflow Data: Your automation workflows, conditional logic trees, step configurations, and execution patterns
  • Project Organization: How you organize your tests, projects, folders, and collaborative workspace settings
  • AI Interactions: Your prompts to our AI system, generated test code, and AI-suggested improvements (anonymized for model training)
  • Integration Data: Connected third-party services, API keys (encrypted), and integration configurations

2.4 Communication Data

  • Support Conversations: Chat logs, support tickets, email exchanges, and feedback you provide to help us assist you better
  • Survey Responses: Feedback, ratings, and survey responses you voluntarily provide to help us improve our services
  • Marketing Preferences: Your communication preferences, subscription choices, and marketing consent status

3. How We Use Your Data

We use your personal data for specific, legitimate purposes that are essential to providing you with our AI-powered testing automation platform. Here's a detailed breakdown:

3.1 Core Service Delivery

  • Creating and managing your user account and profile
  • Executing your automated tests and workflows using our AI engine
  • Storing and presenting your test results and analytics
  • Enabling collaboration features with team members
  • Processing AI-generated test suggestions and improvements
  • Maintaining your project organization and data structure
  • Providing real-time execution monitoring and notifications

3.2 Customer Support & Assistance

  • Responding to your support requests and technical issues
  • Troubleshooting problems with our platform or your tests
  • Providing guidance on best practices and feature usage
  • Offering personalized recommendations based on your usage patterns
  • Resolving billing and subscription-related inquiries
  • Conducting user training and onboarding sessions

3.3 Platform Improvement & Analytics

  • Analyzing usage patterns through Google Analytics to understand user behavior
  • Identifying and fixing performance bottlenecks and technical issues
  • Developing new features based on user needs and feedback
  • Improving our AI algorithms and test generation capabilities
  • Optimizing user interface and user experience design
  • Monitoring service uptime, reliability, and security
  • Conducting A/B tests for platform enhancements

3.4 Communication & Marketing

  • Sending service updates, feature announcements, and important notices
  • Delivering newsletters and educational content (with your explicit consent)
  • Sharing tips, best practices, and optimization recommendations
  • Conducting user research and feedback collection
  • Inviting participation in beta programs and early access features
  • Providing security alerts and account notifications

3.5 Security & Compliance

  • Monitoring for suspicious activities and potential security threats
  • Preventing fraud, abuse, and unauthorized access to accounts
  • Maintaining audit logs for security and compliance purposes
  • Enforcing our Terms of Service and acceptable use policies
  • Complying with legal obligations and regulatory requirements
  • Protecting intellectual property and preventing misuse of our platform

3.6 Business Operations

  • Processing payments and managing subscriptions through Konnect Tunisia
  • Generating invoices and maintaining financial records
  • Managing resource allocation and capacity planning
  • Conducting business analysis and strategic planning
  • Ensuring service continuity and disaster recovery
  • Meeting tax and accounting obligations

4. Third-Party Services and Integrations

To provide you with the best possible service, we integrate with carefully selected third-party providers. Here's detailed information about each service and how your data is handled:

Google Analytics

Purpose: We use Google Analytics to understand how users interact with our platform, identify popular features, and optimize user experience.

Data Collected: Anonymized usage statistics, page views, session duration, bounce rates, traffic sources, and demographic information (age range, location).

Data Processing: Google processes this data according to their privacy policy. We've configured Google Analytics with privacy-friendly settings including IP anonymization.

Your Control: You can opt out by installing the Google Analytics Opt-out Browser Add-on or by managing your cookie preferences.

Retention: Analytics data is automatically deleted after 26 months.

Tawk.to (Customer Support Chat)

Purpose: Tawk.to provides our live chat functionality, enabling real-time customer support and technical assistance.

Data Collected: Chat conversations, your name, email address, and any information you voluntarily share during support interactions.

Data Processing: Conversations are stored securely and used solely for providing support and improving our service quality.

Your Control: You can request deletion of your chat history by contacting our support team.

Security: All chat data is encrypted in transit and at rest. Tawk.to complies with GDPR and other privacy regulations.

Retention: Chat logs are retained for 2 years to maintain support history and quality assurance.

Konnect Tunisia (Payment Processing)

Purpose: Konnect Tunisia securely processes all payment transactions for subscriptions and service fees.

Data Security: We never store or have access to your complete credit card information. Konnect Tunisia handles all sensitive payment data using industry-standard encryption and security measures.

Data Shared: We only receive confirmation of successful payments, transaction IDs, and basic billing information necessary for account management.

Compliance: Konnect Tunisia is PCI DSS compliant and follows strict financial industry security standards.

Your Rights: You can access your payment history through your account dashboard or by contacting our billing team.

Retention: Payment records are retained for 10 years as required by Tunisian tax law.

Google Gemini AI (AI Processing)

Purpose: We use Google's Gemini AI to analyze web pages, generate test scripts, and provide intelligent automation suggestions.

Data Processing: URLs and webpage content are sent to Gemini for analysis. Personal information is filtered out before processing.

Privacy Protection: We anonymize and sanitize data before sending it to AI services. No personally identifiable information is included in AI processing.

Data Retention: Google may temporarily cache AI requests for service improvement, but this data is not permanently stored or used for other purposes.

Your Control: You can opt out of AI-powered features if you prefer manual test creation.

5. Legal Basis for Processing

We process your personal data based on several legal grounds, ensuring that all data processing is lawful, fair, and transparent:

Contract Performance

Your Protection: We will provide advance notice of such transactions and ensure the acquiring party commits to protecting your data under equivalent privacy standards.

Team Collaboration and Sharing

When you use collaborative features, certain data may be shared within your organization:

  • Project data shared with team members you invite
  • Test results visible to collaborators on shared projects
  • User activity within shared workspaces
  • Comments and annotations on collaborative tests

Your Control: You maintain full control over what you share and with whom through our granular permission system.

8. Data Security Measures

We implement comprehensive technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

Technical Safeguards

End-to-End Encryption

All data transmitted between your browser and our servers uses TLS 1.3 encryption

Encrypted Data Storage

Sensitive data is encrypted at rest using AES-256 encryption standards

Access Controls

Multi-factor authentication and role-based access to sensitive systems

Activity Monitoring

Continuous monitoring for suspicious activities and security threats

Secure Backups

Regular encrypted backups stored in geographically distributed locations

Organizational Safeguards

Staff Training

Regular privacy and security training for all employees handling personal data

Data Processing Agreements

Strict contractual obligations for all third-party service providers

Regular Audits

Periodic security assessments and compliance reviews

Vulnerability Management

Regular security testing and prompt patching of identified vulnerabilities

Incident Response

Documented procedures for responding to security incidents and data breaches

Data Breach Response

In the unlikely event of a data breach affecting your personal information, we will notify you within 72 hours of discovery, along with details about what happened, what data was involved, and what steps we're taking to address the issue and prevent future occurrences.

9. Your Privacy Rights

Under Tunisian data protection law and international privacy standards, you have several important rights regarding your personal data. We are committed to facilitating the exercise of these rights:

Right of Access

Request a copy of all personal data we hold about you, including:

  • Account information and profile data
  • Test configurations and execution history
  • Communication records and support tickets
  • Billing and payment information

Right of Rectification

Correct or update inaccurate personal information:

  • Update your profile information directly in your account
  • Request correction of billing or contact details
  • Modify project settings and configurations
  • Update communication preferences

Right of Erasure (Right to be Forgotten)

Request deletion of your personal data when:

  • The data is no longer necessary for our services
  • You withdraw consent for processing
  • You object to processing and we have no overriding legitimate interests
  • Your data has been unlawfully processed

Right to Object

Object to processing of your personal data for:

  • Direct marketing purposes (including profiling)
  • Processing based on legitimate interests
  • Scientific or historical research purposes
  • Statistical purposes

Right to Data Portability

Receive your personal data in a structured, machine-readable format:

  • Export your test data and configurations
  • Download your account information
  • Transfer data to another service provider
  • Receive data in common formats (JSON, CSV, etc.)

Right to Restrict Processing

Limit how we process your data when:

  • You contest the accuracy of your personal data
  • Processing is unlawful but you don't want erasure
  • We no longer need the data but you need it for legal claims
  • You've objected to processing pending verification

How to Exercise Your Rights

Contact us: [email protected]

Response time: We will respond to your request within 30 days

Verification: We may ask for identity verification to protect your privacy

No cost: Exercising your rights is free unless requests are excessive or unfounded

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our platform. Here's a comprehensive overview of how we use these technologies:

10.1 Types of Cookies We Use

Essential Cookies

Required for basic platform functionality:

  • User authentication and session management
  • Security features and CSRF protection
  • Load balancing and performance optimization
  • Shopping cart and form data preservation

Duration: Session or until logout

Analytics Cookies

Help us understand user behavior (requires consent):

  • Page views and navigation patterns
  • Feature usage and engagement metrics
  • Performance monitoring and error tracking
  • A/B testing and optimization data

Duration: Up to 26 months

Preference Cookies

Remember your choices and settings:

  • Language and region preferences
  • Theme and display settings
  • Dashboard layout customizations
  • Notification preferences

Duration: 12 months

10.2 Cookie Management Options

Browser Settings

Most browsers allow you to:

  • Block all cookies or specific types
  • Delete existing cookies
  • Set notifications when cookies are set
  • Browse in private/incognito mode

Note: Blocking essential cookies may affect platform functionality.

Our Cookie Consent

We provide granular control through:

  • Cookie consent banner on first visit
  • Cookie preferences in account settings
  • Easy opt-out options for non-essential cookies
  • Clear information about each cookie type

Access: Manage preferences in your account dashboard.

10.3 Third-Party Tracking

Google Analytics: We use Google Analytics with privacy-friendly settings including IP anonymization and data retention limits. You can opt out using Google's opt-out tool or by managing your cookie preferences with us.

11. International Data Transfers

Your personal data is primarily processed and stored within Tunisia. However, some of our service providers may be located outside Tunisia, requiring international data transfers.

Data Transfer Safeguards

When we transfer data internationally, we ensure adequate protection through:

  • Adequacy Decisions: Transfers to countries recognized as providing adequate data protection
  • Standard Contractual Clauses: EU-approved contracts ensuring equivalent protection levels
  • Certification Schemes: Providers certified under recognized privacy frameworks
  • Binding Corporate Rules: Internal policies ensuring consistent global protection standards

Specific Transfer Details

Service Provider Location Safeguards
Google Analytics United States Standard Contractual Clauses, IP anonymization
Google Gemini AI United States Data Processing Agreement, data minimization
Tawk.to European Union GDPR compliance, EU-based servers

12. Children's Privacy

Age Restrictions

Our platform is designed for professional use and is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18.

If we become aware that we have inadvertently collected personal information from a child under 18, we will:

  • Delete the information as quickly as possible
  • Terminate the associated account
  • Notify the parent or guardian if contact information is available
  • Implement additional measures to prevent future occurrences

If you believe a child has provided us with personal information, please contact us immediately at [email protected].

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Here's how we handle policy updates:

Types of Changes

Minor Changes
  • Clarifications to existing policies
  • Contact information updates
  • Formatting and readability improvements
  • Correction of typographical errors
Material Changes
  • New data collection practices
  • Changes to data sharing policies
  • Modifications to your rights
  • New third-party integrations

How We Notify You

  • Email Notification: For material changes, we'll send advance notice to your registered email address
  • Platform Notice: Prominent notifications within our platform for 30 days
  • Updated Date: The "Last updated" date at the top of this policy will always reflect the most recent changes
  • Version History: Previous versions are available upon request for transparency

Your Continued Use: By continuing to use our platform after policy changes take effect, you acknowledge that you have read and accept the updated Privacy Policy. If you disagree with any changes, you may terminate your account.

14. Contact Information

We're committed to addressing your privacy concerns and questions. Here are multiple ways to contact us regarding this Privacy Policy or your personal data:

Privacy Inquiries

General Privacy Questions

[email protected]

Response time: Within 48 hours

Data Rights Requests

[email protected]

Response time: Within 30 days

Security Concerns

[email protected]

Response time: Within 24 hours

Company Information

Company Name: Ophyx

Legal Address:
Cité les pins, Rue de la fleur d'érable
Tunis 1053, Tunisia

Business Hours:
Monday - Friday: 9:00 AM - 6:00 PM (GMT+1)
Saturday - Sunday: Emergency support only

Languages: English, French, Arabic

When Contacting Us About Privacy

To help us process your request efficiently, please include:

  • Your full name and email address associated with your account
  • Specific request type (access, correction, deletion, etc.)
  • Detailed description of what information you're requesting or what changes you want
  • Verification information to confirm your identity (we may ask for additional verification)
  • Preferred response method and any urgency requirements

Data Protection Officer

While not required under Tunisian law for companies of our size, we have designated a Data Protection Officer to ensure the highest standards of privacy protection. You can reach our DPO directly through our main contact email for any privacy-related concerns.

15. Additional Privacy Information

Data Processing Impact Assessments

For high-risk data processing activities, we conduct Data Protection Impact Assessments (DPIAs) to evaluate and mitigate potential privacy risks. This includes:

  • Assessment of new AI features and their impact on user privacy
  • Evaluation of third-party integrations and data sharing arrangements
  • Review of automated decision-making processes
  • Analysis of data retention and deletion procedures

Automated Decision-Making and Profiling

Our platform uses AI to generate test scripts and provide automation suggestions. Here's what you should know:

  • Purpose: Improve test generation accuracy and provide relevant suggestions
  • Human Oversight: All AI suggestions require your review and approval
  • Your Control: You can disable AI features and opt for manual test creation
  • No Harmful Profiling: We don't make decisions that significantly affect you based solely on automated processing

Privacy by Design

We implement privacy protection measures from the earliest stages of system design:

  • Data minimization in all collection practices
  • Purpose limitation for all processing activities
  • Storage limitation with automated deletion
  • Accuracy maintenance through user controls
  • Integrity and confidentiality through encryption
  • Accountability through detailed logging
  • Transparency through this comprehensive policy
  • User control through granular privacy settings

Regulatory Compliance

While primarily governed by Tunisian law, we also align with international privacy standards:

Tunisian Law

Organic Law No. 2004-63 on Personal Data Protection

GDPR Alignment

EU General Data Protection Regulation principles

International Standards

ISO 27001 and SOC 2 compliance frameworks

Our Commitment to Your Privacy

At Ophyx, privacy isn't just a legal requirement—it's a fundamental value that guides how we build and operate our platform. We're committed to:

  • Maintaining transparency in all our data practices
  • Providing you with meaningful control over your information
  • Implementing industry-leading security measures
  • Continuously improving our privacy protections
  • Respecting your rights and responding to your requests promptly
  • Staying current with evolving privacy laws and standards
  • Building privacy considerations into every feature we develop
  • Fostering a culture of privacy awareness within our organization

Thank you for trusting us with your data. If you have any questions or concerns about this Privacy Policy or our privacy practices, please don't hesitate to contact us.