Privacy Policy
1. Who we are
ScreenQA is operated by Enigma ("we", "us", "our"). This Privacy Policy explains what personal data we collect when you use the ScreenQA macOS app or visit screenqa.com, how we use it, who else processes it, and the rights you have over it.
If anything is unclear, reach us at hello@screenqa.com.
2. What we collect
2.1 Account data
When you sign in to ScreenQA we collect:
- Email address and name (from your identity provider — Apple, Google, or via email magic link)
- A WorkOS user identifier we use as your account key
- An opaque bearer token we issue to the app, stored locally in your macOS Keychain
We never receive or store the access tokens issued by Apple or Google to WorkOS. We do not see your social-login passwords.
2.2 Session metadata
For each session you upload, we store:
- Session timestamps, duration in seconds, and number of issues detected
- A short, generated session title and description
We use this to enforce your monthly plan limits (sessions and audio seconds) and to show your usage in-app.
2.3 Audio and screenshots
Audio recordings you upload are sent to our backend solely to be forwarded to OpenAI Whisper for transcription. We do not store the audio file on our servers beyond what is required to complete the request. Screenshots stay on your Mac (see §5).
2.4 Transcripts and summaries
Transcripts and the LLM-generated JSON summary returned by the model are written back to your Mac. We do not retain a copy.
2.5 Payment data
If you upgrade to a paid plan we use Paddle as our Merchant of Record. Paddle handles card details; we never see or store them. We receive a Paddle customer/subscription identifier and the plan you're on.
2.6 Website analytics
Visits to screenqa.com are measured with Google Analytics 4 (see §8).
3. How we use it
- To run the product: authenticate you, accept session uploads, return the transcribed report.
- To enforce plan quotas (sessions and seconds per rolling 30 days).
- To send transactional emails — magic-link sign-ins, receipts from Paddle, and (rarely) account-related notices.
- To improve and debug the product. When we look at logs, we look at error traces and quota counters — not at the contents of your walkthroughs.
- To comply with legal obligations (tax invoicing via Paddle; responding to lawful requests).
We do not sell your data, share it with advertisers, or use it to train AI models.
4. Third-party processors
We use a small set of vendors to run the service. Each is contractually bound to process data only on our instructions.
| Vendor | What they do | What they receive |
|---|---|---|
| OpenAI | Audio transcription (Whisper) and report generation (GPT-4o-mini) | The audio file and transcript text for the duration of the request. Per OpenAI's API terms, this data is not used to train their models. |
| WorkOS (AuthKit) | Authentication and identity | Your email, name, and identity-provider profile. |
| Paddle | Merchant of Record for paid subscriptions — payment, tax, invoicing, refunds | Your email, payment details, billing address, and the plan you purchase. |
| Hetzner | Bare-metal hosting for our backend (Germany) | All server traffic and stored account/session metadata. |
| Google Analytics 4 | Anonymous website usage on screenqa.com | Aggregated traffic, page views, referrer — no app or session content. |
5. Where your sessions live
The on-disk session — audio, screenshots, manifest, transcript, summary — lives on your Mac, under ~/Documents/ScreenQA/sessions/. We do not upload screenshots and we do not keep audio after the transcription completes. Deleting the folder deletes the session.
6. Data retention
- Account record: kept as long as your account is open. Closing your account deletes it within 30 days.
- Session metadata (timestamps, durations, issue counts): kept for the life of the account so we can show your history and enforce quotas.
- Audio files: not retained — processed in-flight and discarded.
- Payment records: retained by Paddle and us for the period required by tax and accounting law (typically 7 years).
- Server logs: rotated after 30 days.
7. Your rights
Depending on where you live (GDPR in the EU/EEA/UK, CCPA/CPRA in California, and similar regimes elsewhere) you have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Request deletion of your account and associated data
- Export your data in a portable format
- Object to or restrict certain processing
- Lodge a complaint with your local data-protection authority
To exercise any of these, email hello@screenqa.com from the address associated with your account. We respond within 30 days.
9. Security
- All traffic between the app and our backend is over HTTPS (TLS).
- Bearer tokens issued to the app are stored in the macOS Keychain.
- Audio uploads are processed in memory and forwarded to OpenAI; nothing is written to disk on our servers.
- The backend database is on a dedicated Hetzner box behind a firewalled VPC.
- We follow the principle of least privilege — only the engineers who need backend access have it.
No system is perfectly secure. If you believe you've found a vulnerability, please disclose responsibly to hello@screenqa.com.
10. Children's privacy
ScreenQA is a developer tool intended for users 16 and older. We do not knowingly collect data from children under 16. If you believe a child has provided us with personal data, contact us and we will delete it.
11. International data transfers
Our backend is hosted in Germany. Some of our processors (notably OpenAI, WorkOS, and Google Analytics) are based in the United States. Where transfers leave the EU/EEA, they are protected by the EU–US Data Privacy Framework, Standard Contractual Clauses, or equivalent safeguards.
12. Changes to this policy
If we change this policy in a way that materially affects how we handle your data, we'll post the updated version here with a new "Last updated" date, and — for material changes — notify you in-app or by email before the change takes effect.
13. Contact us
Privacy questions, data requests, or anything else: hello@screenqa.com.
ScreenQA is made by Enigma — madebyenigma.com.