Privacy Policy

Effective Date: 13 March 2026

Kusho, Inc (“KushoAI”, “we”, “our”, or “us”) provides an AI-powered testing and reliability platform that enables organizations to generate, execute, and maintain API, workflow, security, and UI tests across the software development lifecycle.

This Privacy Policy describes how we collect, use, disclose, and safeguard Personal Data when you:

• Visit our websites

• Use the KushoAI platform 

• Engage with us for demos, sales, or support

• Access our documentation, blog, or resources

If you are an Enterprise customer and have entered into a Master Services Agreement or other written agreement with KushoAI, that agreement governs the processing of Customer Data and will control in the event of any conflict with this Privacy Policy.

1. Definitions

“Personal Data” means information that identifies or relates to an identifiable individual.

“Customer Data” means data submitted to or processed by KushoAI through the platform by or on behalf of a customer.

“Platform” means KushoAI’s AI-powered testing and reliability infrastructure, including API testing, workflow validation, security testing, UI testing, integrations, and analytics.

“Developer Edition” refers to KushoAI’s free or limited self-serve offering.

“Enterprise Services” refers to paid services governed by a separate agreement.

2. Information We Collect

2.1 Information You Provide Directly

We collect information you provide when you:

• Create an account

• Request a demo

• Contact sales or support

• Download resources

• Subscribe to marketing communications

This may include:

• Name

• Work email address

• Company name

• Job title

• Phone number

• Billing and payment information (Enterprise customers)

2.2 Information Collected Through the Platform

When you use the KushoAI Platform, we process Customer Data necessary to deliver the service, including:

• API specifications (OpenAPI, Swagger, Postman collections, cURL imports)

• Test configurations and environment variables

• Generated test cases and execution results

• CI/CD pipeline metadata

• Integration configuration data

• Logs and diagnostic information

• Platform usage analytics

KushoAI does not require direct access to production user databases to operate its testing platform.

2.3 Integration Data

If you connect third-party services, we may process limited metadata necessary to enable integrations, including:

• Repository metadata (e.g., GitHub, GitLab, Bitbucket)

• CI/CD execution status

• Issue identifiers (e.g., Jira, Linear, Azure DevOps)

• Notification metadata (Slack, Teams, email)

• Observability metadata (where enabled)

We process only the data required to enable the selected integration.

2.4 Automatically Collected Website Data

When you visit our website, we may collect:

• IP address

• Browser type

• Device information

• Pages visited

• Referring URL

• Cookie identifiers

This information helps us improve site functionality, security, and performance.

3. How We Use Information

We use Personal Data and Customer Data to:

• Provide and operate the Platform

• Generate and execute test cases

• Detect API changes and workflow risks

• Perform security analysis

• Enable CI/CD and third-party integrations

• Provide support and respond to inquiries

• Process transactions

• Improve and enhance platform functionality

• Maintain security and prevent misuse

• Send service-related and marketing communications (where permitted by law)

• Comply with legal obligations

Marketing communications may be opted out of at any time.

4. AI Processing and Model Use

KushoAI uses AI systems to generate test suites, detect API changes, analyze workflows, and provide release intelligence.

• Customer Data is processed solely to provide the services requested.

• KushoAI may use aggregated or anonymized usage data to improve and develop our services, including enhancing the machine learning systems that power the platform. For users of the free version, certain usage data may be used to improve product features and automated capabilities. Data from paid enterprise deployments is not used to train AI models unless explicitly agreed upon.

• Enterprise deployments may operate in logically or physically isolated environments.

• On-premise deployments process data entirely within the customer’s infrastructure.

AI-generated outputs are designed to assist engineering teams and are not a substitute for independent validation, regulatory review, or formal security audits.

5. Legal Basis for Processing (Where Applicable)

Where required under applicable law (such as GDPR), we process Personal Data based on:

• Performance of a contract

• Legitimate interests in operating and improving our services

• Compliance with legal obligations

• Consent (where required)

6. How We Share Information

We do not sell Personal Data.

We may share information with:

• Cloud infrastructure providers

• Payment processors

• Customer support vendors

• Analytics providers

• Integration partners (as enabled by customer)

• Professional advisors

• Legal or regulatory authorities (when required by law)

All service providers are contractually required to safeguard Personal Data.

A current list of subprocessors may be made available upon request.

7. Data Security

We implement administrative, technical, and organizational safeguards, including:

• Encryption in transit (TLS 1.2 or higher)

• Encryption at rest

• Role-Based Access Controls (RBAC)

• Single Sign-On (SSO/SAML) support (Enterprise)

• Audit logging

• Secure cloud infrastructure

• Vulnerability monitoring

Where applicable, KushoAI maintains security practices aligned with SOC 2 Type II and ISO 27001 standards.

8. Data Retention

We retain Personal Data and Customer Data only for as long as necessary to:

• Provide services

• Fulfill contractual obligations

• Maintain platform integrity

• Comply with legal requirements

Retention periods vary based on:

• Developer Edition vs Enterprise plans

• Customer-configured retention settings

• Applicable laws

Upon termination of services, data may be deleted in accordance with contractual commitments.

9. International Data Transfers

KushoAI may process Personal Data in jurisdictions outside your country of residence.

Where required, we implement appropriate safeguards such as:

• Standard Contractual Clauses

• Contractual data protection commitments

• Region-specific hosting (where available)

Enterprise customers may request region-specific or on-premise deployments.

10. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access Personal Data

• Request correction

• Request deletion

• Restrict processing

• Object to processing

• Request data portability

Requests may be submitted to: support@kusho.ai

For Enterprise accounts, requests may be routed through your organization’s designated administrator.

11. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Operate and secure our website

• Analyze traffic and usage

• Improve user experience

• Support marketing efforts

You may control cookies through your browser settings.

12. Children’s Privacy

The KushoAI Platform is intended for business use and is not directed to individuals under the age of 18. We do not knowingly collect Personal Data from minors.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will update the “Last Updated” date above.

Material changes may be communicated through the website or via email where appropriate.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact:

Kusho, Inc
Email:support@kusho.ai
Address: 
Kusho, Inc.
166 Geary Str 15th FL #1148
San Francisco, CA 94108