Legal

Privacy Policy

Last updated: 14 April 2026 · Applies to the Arqo web application and related services marketed at arqo.co.uk

This policy explains how we handle personal data in plain language. It is not legal advice. If you need contractual terms for procurement, contact us at [email protected].

1. Who we are

Arqo is an AI-assisted test management platform designed to help quality and engineering teams plan, document, and run testing earlier in the delivery lifecycle (“shift left”). The service is operated by Arqo Ltd, a company registered in the United Kingdom. For privacy enquiries, email [email protected].

2. What this policy covers

This policy describes how we collect, use, store, and share personal data when you visit our marketing website, create an account, use the Arqo application, or contact us. It does not govern third-party sites we link to (for example Atlassian Jira or Slack), which have their own policies.

3. Data we collect

Depending on how you use Arqo, we may process:

  • Account and profile data — such as your name, email address, role or title where you choose to provide it, team or organisation identifiers, and authentication data (for example credentials or session tokens managed through our auth system).
  • Service and usage data — such as device and browser type, approximate location derived from IP address, log timestamps, pages or features used, diagnostic events, and security-related records.
  • Content you submit — including test plans, test cases, runs, comments, file uploads, screenshots you attach for AI-assisted workflows, imported spreadsheets, and similar workspace content you store in Arqo.
  • Integration data — when you connect third-party tools (for example Jira or Slack), we process the identifiers, tokens, or content needed to provide those integrations, strictly in line with the permissions you grant and the third party’s API terms.
  • AI interaction data — when you use AI features, we process the prompts, context, and outputs required to deliver the feature (for example generating or refining tests from requirements or tickets). We use this to operate, secure, and improve the service as described below.
  • Billing data — if you subscribe to a paid plan, our payment provider (Stripe) processes card and billing details. We receive limited billing metadata (such as subscription status and customer identifiers) needed to manage your account.
  • Communications — messages you send us (support tickets, contact form submissions) and related correspondence metadata.

4. How we use personal data

We use personal data to:

  • Provide, host, and operate the Arqo service, including AI-assisted features you choose to enable.
  • Authenticate users, enforce permissions, prevent abuse, and protect the security of our systems.
  • Maintain integrations you configure (for example creating or updating issues in Jira, or notifications in Slack).
  • Process subscriptions, invoices, and account changes where applicable.
  • Analyse aggregated or de-identified usage to improve reliability, performance, and product design.
  • Comply with law, respond to lawful requests, and enforce our terms.
  • Send service-related notices (for example security alerts or billing receipts). Marketing emails, if any, will be sent only where permitted and with a clear unsubscribe option.

5. AI processing

Arqo’s AI features send relevant prompts and context to one or more model providers to generate suggestions (such as draft test cases). Outputs are assistive and should be reviewed by your team before you rely on them for compliance, safety-critical systems, or production decisions. We do not use your workspace content to train public third-party models unless a feature explicitly states otherwise and you opt in; our standard production configuration is designed for inference and service delivery, not for selling your data.

6. Legal bases (UK / EEA)

Where UK GDPR or EU GDPR applies, we rely on one or more of the following legal bases:

  • Contract — processing necessary to provide the service you signed up for.
  • Legitimate interests — for example securing the platform, understanding aggregate usage, and improving features, balanced against your rights.
  • Consent — where we ask for consent (such as certain cookies or optional communications), you may withdraw it at any time.
  • Legal obligation — where we must retain or disclose information to comply with the law.

7. How we share data

We share personal data only as needed to run Arqo:

  • Infrastructure and subprocessors — for example cloud hosting, databases, logging, email delivery, and payment processing. We select providers with appropriate safeguards and written terms where required.
  • AI providers — to perform inference when you use AI features.
  • Integrations you enable — data flows to Atlassian, Slack, or other services according to your configuration.
  • Professional advisers — lawyers or accountants under confidentiality, where necessary.
  • Authorities — if we are required to respond to lawful requests or to protect rights, safety, and security.

We do not sell your personal information in the conventional sense of exchanging data for money.

8. International transfers

Your data may be processed in the United Kingdom, the European Economic Area, and other countries where our subprocessors operate. Where we transfer personal data from the UK or EEA to other jurisdictions, we use appropriate safeguards such as the UK International Data Transfer Agreement / Addendum, EU Standard Contractual Clauses, or equivalent mechanisms, together with supplementary measures where appropriate.

9. Retention

We retain personal data for as long as your account is active and for a reasonable period afterwards to resolve disputes, enforce agreements, and meet legal or accounting requirements. Workspace content is retained according to your subscription and deletion controls until you delete it or close your account, subject to backup and legal retention windows.

10. Security

We implement technical and organisational measures appropriate to the nature of the service, including access controls, encryption in transit where supported, and monitoring. No method of transmission or storage is completely secure; we encourage strong passwords, SSO where available, and least-privilege access for integrations.

11. Your rights

Depending on your location, you may have rights to access, correct, delete, or restrict processing of your personal data, to data portability, to object to certain processing, and to lodge a complaint with a supervisory authority. To exercise these rights, contact [email protected]. We will respond within the timeframe required by applicable law.

12. Cookies

We use cookies and similar technologies that are strictly necessary for authentication and security, and where applicable to remember preferences (such as theme). We will align any non-essential analytics or marketing cookies with applicable consent requirements and update this policy if our practices change in a material way.

13. Children

Arqo is not directed at children under 16, and we do not knowingly collect personal data from children. If you believe we have collected such data, contact us and we will delete it promptly.

14. Changes

We may update this policy from time to time. We will post the revised version on this page and adjust the “Last updated” date. Where changes are material, we will provide additional notice as appropriate (for example by email or in-product notification).

← Back to home · Terms of Service