Privacy Policy

Last updated: 19 April 2026

This Privacy Policy describes how Ploono s.r.o.("qlane", "we", "us") collects, uses, and shares personal data when you visit https://qlane.ai or use our services (collectively, the "Service"). We act as the data controllerunder Regulation (EU) 2016/679 ("GDPR") and Act No. 18/2018 Coll. of the Slovak Republic on the protection of personal data.

Controller
Ploono s.r.o.
Registered office
Klincová 18973/39, Bratislava, Slovakia
Company registration (IČO)
57 381 101
VAT ID (IČ DPH)
SK2122691406
Privacy contact
[email protected]

1. Data we collect

We collect only the data we need to operate the Service:

  • Account data — name, email, organization, authentication identifiers (provided via WorkOS SSO).
  • Integration data — when you connect GitHub, we receive repository metadata, pull-request diffs, and branch information required to run tests. We do not retain source code beyond the lifetime of a test session.
  • Usage data — pages viewed, feature interactions, session identifiers, and approximate location derived from IP address.
  • Technical data — browser type, device type, language, and similar diagnostic information collected via server logs.
  • Communications — content of emails or support messages you send us.

We do not knowingly collect special categories of personal data (GDPR Art. 9) and ask you not to submit such data through the Service.

2. Legal bases for processing

We process personal data under the following GDPR legal bases:

  • Contract (Art. 6(1)(b)) — to provide the Service, manage your account, and fulfil our agreement with you.
  • Legitimate interests (Art. 6(1)(f)) — to secure the Service, prevent abuse, analyse aggregate usage, and improve features. You can object at any time.
  • Consent (Art. 6(1)(a)) — for non-essential cookies, marketing emails, and optional analytics. You may withdraw consent at any time.
  • Legal obligation (Art. 6(1)(c)) — to comply with tax, accounting, and other applicable laws.

3. How we use data

  • Provide, operate, and maintain the Service.
  • Run AI-driven QA sessions against the repositories you connect.
  • Authenticate users and secure accounts.
  • Respond to support requests and communicate service changes.
  • Detect, prevent, and address fraud, abuse, and technical issues.
  • Comply with legal obligations.

4. Sharing and recipients

We share personal data only with trusted providers acting as processors under GDPR Art. 28, and only to the extent necessary. Current categories of recipients:

  • Authentication — WorkOS, Inc. (USA).
  • Cloud infrastructure & sandbox execution — Vercel Inc. (USA), Railway Corp. (USA).
  • AI model providers — Anthropic PBC, OpenAI OpCo LLC, Google LLC, routed through Vercel AI Gateway.
  • Source-code platform integrations — GitHub, Inc. (only repositories you explicitly connect).
  • Billing — Flexprice (for self-serve subscriptions) and Stripe Payments Europe Ltd (for payment processing).
  • Analytics & error monitoring — limited to what is strictly necessary to operate and secure the Service.

We do not sell personal data. We may disclose data where required by law, court order, or to protect the rights, property, or safety of users or third parties.

5. International transfers

Some of our processors are located outside the European Economic Area, primarily in the United States. Where we transfer personal data outside the EEA we rely on appropriate safeguards under GDPR Chapter V, in particular the European Commission's Standard Contractual Clauses (Decision 2021/914) and, where applicable, the EU–US Data Privacy Framework.

6. Retention

  • Account data — for the lifetime of your account, plus up to 12 months thereafter for dispute resolution.
  • Test session artefacts (screenshots, logs, test cases) — retained for the duration of your subscription, then deleted within 90 days of termination.
  • Source code in sandboxes — destroyed when the microVM terminates; typically within minutes of a test session ending.
  • Billing records — retained for 10 years as required by Slovak accounting law (Act No. 431/2002 Coll.).
  • Server logs — up to 30 days.

7. Your rights

Under GDPR Art. 15–22 you have the right to:

  • access your personal data (Art. 15);
  • rectify inaccurate data (Art. 16);
  • erase data ("right to be forgotten", Art. 17);
  • restrict processing (Art. 18);
  • data portability (Art. 20);
  • object to processing based on legitimate interests (Art. 21);
  • withdraw consent at any time where processing is based on consent;
  • not be subject to decisions based solely on automated processing (Art. 22).

To exercise any of these rights, contact us at [email protected]. We respond within one month.

8. Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority. In the Slovak Republic this is the Úrad na ochranu osobných údajov Slovenskej republiky (https://dataprotection.gov.sk), Hraničná 12, 820 07 Bratislava 27, Slovakia. You may also lodge a complaint with the supervisory authority in your country of residence.

9. Cookies

We use strictly necessary cookies to operate the Service (authentication, session, CSRF). We set non-essential cookies (analytics, marketing) only with your consent. Your consent choice is stored in your browser's localStorage under the key qlane:cookie-consent. To withdraw or change your choice, clear the site data (localStorage and cookies) for this domain in your browser settings — the consent banner will then appear again on your next visit. For details see our Terms of Service.

10. Security

We apply appropriate technical and organisational measures to protect personal data, including encryption in transit and at rest, least-privilege access controls, sandboxed execution, audit logging, and regular review of our security posture. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security.

11. Children

The Service is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes we will update the "Last updated" date and, where appropriate, notify you by email or via the Service.

13. Contact

Questions about this policy or our data practices? Email us at [email protected] or write to Ploono s.r.o., Klincová 18973/39, Bratislava, Slovakia.