← Deltix
Last updated: 6 May 2026

Privacy & Data Handling

Deltix is in invite-only beta. This page explains what we collect, where it goes, how long we keep it, and how to exercise your rights. Plain language; no weasel-words.

How execution works

Deltix runs partly on your machine. The Deltix Agent — a macOS app you install — operates iOS simulators or connected devices locally on your computer. Your app binaries (IPA, .app bundles) and source code don't leave your machine.

What does leave your machine: screenshots and accessibility-tree captures from each step, plus the action descriptions and run metadata. These travel to our cloud and to the LLM for navigation, scoring, and self-heal. Findings, run metadata, and saved playbooks are stored in our database. App binaries and source are not.

What we collect

When you use Deltix, we collect:

  • Account info: your email, username, password (hashed), and account creation timestamp.
  • App registration: bundle ID and app name.
  • Run data: screenshots of your app, the accessibility tree (element types, identifiers, labels, frames), the actions taken, and run metadata (device type, duration, status).
  • Findings & heal suggestions: critic findings, heal suggestion rationales (some are generated by an LLM).

We don't collect: payment info (the beta is free), location beyond the country-level signal needed for regional scoping, third-party tracking cookies, or in-app usage analytics (page-view events, click tracking, session recording). If we add analytics later, we'll update this notice first.

How we use it

  • To run validations against your app and surface findings to you.
  • To debug failures when you reach out — your bug reports, support emails, and conversations are our primary signal during the beta.
  • To inspect specific run(s) you flag, so we can understand what happened.
  • To contact you about your account, beta updates, and product changes.

We currently do not run product analytics, behavioral tracking, or session-replay tooling on dashboard usage. Standard infrastructure logs (request logs, error traces) are emitted by our hosting providers — those help us keep the service running but aren't used to track individual user behavior.

We don't sell your data. We don't share it for advertising. Anthropic's API terms don't use API content for model training, and we don't opt in to anything that would.

Subprocessors

Your data is processed by these third-party services:

  • Anthropic (Claude API) — UI trees and screenshots are sent to Claude for navigation, scoring, and self-heal verdicts. privacy policy
  • Supabase — database; stores account info, runs, screenshots, specs. US region. privacy policy
  • Vercel — hosts the dashboard. privacy policy
  • Railway — hosts the backend API and validation worker. privacy policy

Our use of Anthropic's API is governed by Anthropic's Commercial Terms of Service, which incorporate a Data Processing Addendum (with Standard Contractual Clauses) prohibiting use of customer data for model training. Formal DPAs with our other subprocessors will be added as we move beyond beta.

How long we keep it

  • Account info: until you ask us to delete your account (email privacy@deltix.ai). Self-serve account deletion is on the roadmap.
  • Run data (screenshots, accessibility trees, findings): retained during the beta unless deleted earlier upon request. We'll publish an automated retention policy as we move past beta. To request deletion of specific data sooner, email us.
  • Specs (saved playbooks): until you delete them, or until your account is deleted.
  • Server logs: retained per our infrastructure providers' standard policies (Railway, Vercel, Supabase).

If you need different retention for a specific use case, email privacy@deltix.ai.

Your rights

You can:

  • See your data — email privacy@deltix.ai and we'll send you what we have. We aim to respond within 7 days.
  • Delete your account and all associated data — same address; same response target. Self-serve deletion is on the roadmap.
  • Export your data — same address.
  • Correct inaccurate data — you can change your password in account settings. For other changes (email, username), email us.

What you should NOT capture

Recordings inadvertently leak credentials more often than they leak personal data. Please:

  • Avoid flows that show OAuth tokens, API keys, session cookies, or other credentials.
  • Use test environments and test accounts where possible.
  • Personal accounts are fine for solo testing.
  • Don't capture production customer data.
  • Don't test apps containing PHI (health), FERPA-protected (education), or under-13 children's data without contacting us first — we're not yet equipped for those data classes.

Security

  • All traffic is encrypted in transit (HTTPS).
  • Data at rest is encrypted via Supabase's default and our cloud providers' standard practices.
  • Internal access is limited to our small engineering team.
  • Found a security issue? Email security@deltix.ai. We aim to respond within 48 hours.

Beta scope

Deltix is currently invite-only and scoped to the United States and Canada. We aren't yet equipped for GDPR / UK GDPR controller obligations, so non-NA visitors are pointed to a waitlist instead. We'll update this notice when that changes.

Changes to this notice

We'll update this page as the product evolves. For material changes, we'll communicate through the dashboard and to the email on your account.

Contact

See also: Beta Terms.