Fantesty
LEGAL

Privacy Policy

Effective: April 1, 2026Version: 3.4.0· Download PDF· Diff vs prior

01Introduction

Fantesty Inc. ("Fantesty", "we", "our") provides an AI-native load testing platform for engineering teams. This Privacy Policy describes how we collect, use, disclose, and protect personal information when you visit our websites, use our products, or interact with us as a customer, prospect, or end user.

This policy applies globally; specific addenda apply to residents of the EEA, UK, Switzerland, California, and Brazil. Where local law conflicts with this policy, local law governs.

02Data we collect

Account data

When you create an account we collect your name, work email, organization, and authentication credentials (or SSO tokens). For paid plans, billing contact and tax identifiers may be required.

Usage data

We log API requests, console activity, browser metadata (user-agent, IP, viewport), and product telemetry. This data is used to operate and improve the service.

Customer content

Test scripts, run results, and dashboards uploaded by you. We treat customer content as confidential and process it only on your instructions.

Cookies and similar technologies

Strictly necessary cookies (session, CSRF), preference cookies (theme, locale), and analytics cookies (only if you opt in via the banner). See our Cookie Notice for the full inventory.

03How we use data

  • Provide, maintain, and secure the service.
  • Authenticate users and enforce access controls.
  • Bill customers and prevent fraud.
  • Communicate operational notices, security alerts, and (with consent) product updates.
  • Improve features and train internal classifiers — never to train third-party foundation models on your customer content.
  • Comply with legal obligations and respond to lawful requests.

04Sharing & sub-processors

We share personal information only with: (a) sub-processors acting on our instructions, under DPA; (b) professional advisors under confidentiality; (c) authorities where legally required; or (d) successors in a corporate transaction, with notice.

Our current sub-processor list (cloud hosting, payments, email, telemetry, support, AI inference) is published at /security/subprocessors and updated at least 30 days before changes take effect.

05International transfers

Personal data may be processed in the United States and the European Union. For transfers out of the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses, the UK IDTA, or other approved mechanisms. EU/UK data residency is available on the Scale plan; contact privacy@fantesty.io to enable.

06Retention

We retain account data for the life of the account plus 30 days after deletion. Run telemetry is retained according to your plan (7 / 90 days, or unlimited on Scale). Backups are rotated on a 35-day cycle.

You may request earlier deletion at any time via the in-app Privacy Center or by emailing privacy@fantesty.io; we will comply within 30 days unless retention is required by law.

07Security

We maintain administrative, technical, and physical safeguards designed to protect personal data: AES-256 encryption at rest, TLS 1.3 in transit, role-based access, mandatory MFA for staff, SOC 2 Type II audited controls, quarterly third-party pen tests, and a continuous bug bounty program. See our Security page for the full overview.

No system is perfectly secure. We will notify affected customers of any incident involving their personal data without undue delay, and within 72 hours where required.

08Your rights

Depending on jurisdiction, you may have rights to access, correct, delete, port, or restrict processing of your personal data, and to object or withdraw consent. To exercise rights, use the Privacy Center or email privacy@fantesty.io. We respond within 30 days; appeals are reviewed by a different reviewer.

EU/EEA, UK, and Swiss residents may lodge complaints with their supervisory authority. California residents may submit a CCPA request via the same channels; we do not "sell" or "share" personal information for cross-context behavioral advertising.

09Children

Fantesty is not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact us so we can delete it.

10Changes to this policy

We may update this policy. Material changes will be announced at least 30 days in advance via email and an in-product banner. The "Diff vs prior" link above shows the redline.

11Contact

Fantesty Inc. · 351 California St · San Francisco, CA 94104 · USA

Privacy: privacy@fantesty.io · DPO: dpo@fantesty.io · EU rep: Fantesty B.V., Amsterdam.