# iVisionQA Privacy Policy

**Effective Date:** March 6, 2026
**Last Updated:** March 6, 2026

## 1. Overview

This Privacy Policy explains how iVisionQA ("we," "us") handles data in connection with the iVisionQA SDK, CLI, and associated services (the "Service").

**Key principle:** iVisionQA is designed to be privacy-first. Your screenshots, test results, and code never leave your machine except when sent to Anthropic's API for analysis.

## 2. Data We Do NOT Collect

- **Screenshots**: Captured and stored locally. Sent to Anthropic's API for analysis, not to iVisionQA.
- **Source code**: Never accessed, transmitted, or stored by iVisionQA.
- **Test results and reports**: Stored locally in your project directory.
- **API keys**: Not logged, stored, or transmitted by iVisionQA.

## 3. Data Flow

```
Your Machine                    Anthropic API
┌─────────────────┐            ┌──────────────────┐
│ Screenshot taken │──base64──▶│ Claude Vision     │
│ (stored locally) │           │ analyzes image    │
│                  │◀──JSON────│ returns score +   │
│ Report saved     │           │ issues            │
│ (stored locally) │           └──────────────────┘
└─────────────────┘
```

- Screenshots are base64-encoded and sent via HTTPS to Anthropic's Messages API.
- Per Anthropic's API data policy, data submitted via the API is **not used to train models**.
- The API response (JSON score and issues) is returned to your machine and stored locally.

## 4. Local Storage

iVisionQA stores the following files locally:

| File        | Location                              | Contents                             |
| ----------- | ------------------------------------- | ------------------------------------ |
| Usage data  | `~/.ivisionqa/usage.json`             | Monthly analysis count, project list |
| Screenshots | `<project>/test-results/screenshots/` | PNG screenshots of tested pages      |
| AI Reports  | `<project>/test-results/ai-reports/`  | JSON analysis results                |
| Baselines   | `<project>/test-baselines/`           | Visual regression baselines          |
| Config      | `<project>/.env.ivisionqa`            | API key, settings                    |

## 5. Anthropic API Data Handling

When you use iVisionQA (whether with an iVisionQA API key or BYOK):

- Your data is processed under [Anthropic's API Terms of Service](https://www.anthropic.com/api-terms).
- Anthropic does **not** use API inputs or outputs to train models.
- Anthropic may retain API logs for up to 30 days for abuse detection, after which they are deleted.
- For details, see Anthropic's [Privacy Policy](https://www.anthropic.com/privacy).

## 6. iVisionQA API Keys

If you use an iVisionQA-issued API key (prefixed `ivq_`):

- The key authenticates your requests through iVisionQA's API proxy.
- We log request timestamps and usage counts for billing purposes.
- We do **not** log or store the content of requests (screenshots or analysis results).

## 7. BYOK (Bring Your Own Key)

If you supply your own Anthropic API key:

- Requests go directly to Anthropic's API.
- iVisionQA has no visibility into your API usage.
- Billing is between you and Anthropic.

## 8. Children's Privacy

iVisionQA is a developer tool and is not directed at children under 13. We do not knowingly collect data from children.

## 9. GDPR and CCPA

Since iVisionQA processes data locally and does not collect personal information:

- **GDPR**: No personal data is transmitted to iVisionQA. Anthropic acts as a data processor for API requests.
- **CCPA**: We do not sell personal information. We do not collect personal information through the Service.

If you have data subject requests, contact us at privacy@ivisionqa.dev.

## 10. Changes to This Policy

We may update this policy by posting the revised version at https://ivisionqa.dev/legal/privacy. Material changes will be communicated via our changelog.

## 11. Contact

iVisionQA
Email: privacy@ivisionqa.dev
Web: https://ivisionqa.dev
