Privacy Policy

Last updated: May 27, 2026

Draft: this document is a working draft published for transparency. A legally-reviewed version will replace it before paid plans go live. It does not yet constitute a binding agreement; if you need a signed version, contact legal@trymysaas.com.

This Privacy Policy explains what personal data TryMySaaS collects, why we collect it, how long we keep it, who we share it with, and the rights you have over it. It applies to everyone who interacts with the TryMySaaS service, the trymysaas.com website, and any reports generated by our agents.

Who is the data controller

TryMySaaS is the controller of the personal data described in this policy. For inquiries you can reach us at privacy@trymysaas.com.

Data we collect

We try to collect only what we need to run audits, bill them, and keep the service safe. Specifically:

  • Account data — your name, email address, authentication identifiers (including OAuth provider IDs), organization membership, and role.
  • Audit targets — the domains and URLs you submit, proof of domain ownership, and any audit configuration you choose.
  • Audit artifacts — screenshots, HTTP request and response samples, console logs, accessibility trees, network traces, and the findings our agents derive from them.
  • Billing data — when you purchase credits or a paid plan, our payment processor handles your card details; we receive only the transaction identifiers, plan, amount, currency, and country.
  • Service telemetry — IP address, user agent, basic request metadata, and error logs used to operate and secure the service.

Why we use it

  • To run the audits you request and deliver the reports.
  • To meter usage, invoice paid plans, and prevent fraud.
  • To detect abuse, enforce these terms, and protect end users of audited systems.
  • To improve our agents and the quality of findings — using internal aggregates, not by republishing your data.

We do not sell personal data and we do not use audit artifacts to train third-party AI models without a separate agreement.

Legal basis (GDPR / LGPD)

We process personal data on the legal bases of contractual necessity (to provide the service you signed up for), legitimate interest (operating and securing the service), and consent where required (e.g., optional marketing emails). Under Brazil's LGPD the equivalent legal bases are execução de contrato, legítimo interesse, and consentimento.

Retention

Account data is retained while your account is active and for 90 days after deletion to allow recovery and meet legal obligations. Audit artifacts (screenshots, traces, logs) are retained for 90 days by default and then deleted; you may request earlier deletion at any time. Findings (the structured report) are retained for the lifetime of your account so you can compare runs. Billing records are retained for the period required by tax and accounting law.

Who we share it with

We share personal data only with subprocessors who help us deliver the service. We use the following categories of subprocessors:

  • Hosting and edge compute — to run the website, dashboard, and agent runtime.
  • Managed Postgres — to store account data, audit metadata, and findings.
  • Transactional email — to send verification, billing, and disclosure notifications.
  • Payments — to process card payments and manage subscriptions.
  • AI model providers — to run the LLM-backed reasoning steps inside our agents. We do not send end-user PII from audited systems to these providers as part of normal operation; if an audit incidentally surfaces such data, we redact what we can before any third-party call.

Your rights

Depending on where you live, you have some or all of the following rights over your personal data:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — correct inaccurate or incomplete data.
  • Deletion — ask us to delete your data, subject to legal-retention exceptions.
  • Portability — receive your data in a structured, machine-readable format.
  • Object or restrict — object to certain processing or ask us to restrict it.

To exercise any of these rights, email privacy@trymysaas.com from the address on your account. We respond within 30 days. You may also file a complaint with your local data protection authority — in Brazil, the ANPD; in the EU, your national DPA.

Cookies and similar technologies

We use a small number of first-party cookies that are strictly necessary to operate the service. They are set on trymysaas.com and never shared with third parties.

  • Authentication session — keeps you signed in and protects against cross-site request forgery (CSRF).
  • Active organization — remembers which organization you have selected in the multi-tenant app (active-org-id, 1 year).
  • Language preference — remembers your locale choice (NEXT_LOCALE).
  • Sidebar state — remembers whether you collapsed or expanded the app navigation.

If you consent, we may additionally enable product analytics (anonymous page and feature usage) and error monitoring (so we see and fix crashes). These categories are disabled by default and stay off until you accept them in the cookie banner.

You can change your choices at any time on the cookie preferences page. We respect your decision across all our subdomains.

Security

We protect data in transit with TLS, encrypt data at rest, scope database access to least privilege, and require multi-factor authentication for any administrative access. No system is perfectly secure; if a breach affects you, we will notify you in line with our disclosure obligations.

Children

The service is not directed at children under 16, and we do not knowingly collect personal data from them. If you believe a child has provided us data, contact privacy@trymysaas.com and we will delete it.

Changes to this policy

We will update this policy as the service evolves. Material changes will be announced by email to active account holders at least 14 days before they take effect. The 'Last updated' date at the top of this page always reflects the current version.

Contact

Questions, requests, or complaints: privacy@trymysaas.com.