Lamalama.
PricingDocs
Sign inGet started

Data Use

A plain-language explanation of what happens to your data when you use Lama. For the full legal version, see our Privacy Policy.

We do not train on your data. Period.

Your code, page content, test steps, and AI conversations are never used to train any AI model — not by us, and not by the AI providers we use. This is guaranteed under their commercial API terms.

What stays on your machine

  • Your project files and test code never leave your computer.
  • AI conversation history is encrypted (AES-256-GCM) and stored locally — not on our servers.
  • The Chrome extension only captures page data during active test sessions you initiate. Nothing runs in the background.

What passes through our servers

When you chat with the AI agent or run an AI-powered test, your prompts and page content are sent through our backend to the AI provider:

Your machine → Lama API (HTTPS) → AI Provider
  • We do not store your prompts or AI responses. They are proxied in real-time and discarded.
  • We only record token counts and cost for billing (e.g. "1,200 input tokens, 800 output tokens, $0.03").

What AI providers retain

Our AI providers do not train on your data. Under their commercial API terms, they may retain inputs briefly (up to 30 days) for safety and abuse monitoring, then automatically delete them.

This covers everything sent during a session — text prompts, file contents the agent reads, and screenshots taken during testing. All of it travels as part of the API request and is subject to the same rules. None of it is stored on our servers.

In cases of suspected usage policy violations, providers may retain inputs and outputs for up to 2 years. This is solely for safety investigation and legal compliance — not for training or any other use.

We are working toward Zero Data Retention (ZDR) agreements with our AI providers, which would eliminate even this temporary retention. Under ZDR, inputs and outputs are processed in real-time and immediately discarded after the response is returned.

What we store on our servers

DataStored?
Your code / project filesNo — never leaves your machine
AI conversationsNo — encrypted locally on your machine
Prompts / page contentNo — proxied in real-time, not stored
Knowledge (learned page & workflow summaries)Yes — encrypted at rest on our servers (AES-256-GCM)
Account info (email, name)Yes — required for authentication
Token counts & cost per requestYes — required for billing
Credit balance & transactionsYes — required for billing

About knowledge storage

As the AI agent explores your app, it learns and remembers structured information — page descriptions, navigation patterns, and workflow steps. This knowledge is stored encrypted on our servers (AES-256-GCM) so it persists between sessions and across team members in your organization.

This is different from your actual prompts or page content, which are never stored. Knowledge is only the high-level summaries the agent derives: things like “the login page is at /sign-in” or “the checkout workflow has 3 steps.” It does not include raw page HTML, screenshots, or conversation text.

Knowledge is scoped to the domain being tested (e.g., your staging or production URL) and is deleted when you close your account.

In short

  • Your code and conversations never leave your machine (except content sent to AI during active use).
  • We don't store your prompts, file contents, screenshots, or AI responses on our servers.
  • AI-learned knowledge (page and workflow summaries) is stored on our servers, encrypted at rest. Raw content is not stored.
  • AI providers don't train on your data. They may retain it briefly (up to 30 days) for safety, then delete it.
  • If a session is flagged for a policy violation, providers may retain it for up to 2 years for safety and legal purposes only.
  • We're pursuing Zero Data Retention to eliminate even the temporary retention.