QA Studio Logo
Back to Home

Privacy Policy

Last updated: January 15, 2025

1. Introduction

QA Studio ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our test management platform at qastudio.dev (the "Service").

Self-Hosted Deployments: If you self-host QA Studio, you are the data controller and this privacy policy does not apply to your deployment. You are responsible for complying with applicable privacy laws.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address, name, and authentication credentials managed through Clerk.
  • Test Data: Test cases, test results, test runs, attachments (screenshots, logs, videos), comments, and related metadata.
  • Team Information: Team name, member information, and organization details.
  • Payment Information: Processed securely by Stripe. We do not store complete credit card numbers.
  • Integration Data: Webhook URLs, API tokens for third-party integrations (Slack, Discord, GitHub, etc.).

2.2 Automatically Collected Information

  • Usage Data: IP address, browser type, device information, pages visited, features used, and interaction patterns.
  • Cookies: Session cookies for authentication, preference cookies for user settings, and analytics cookies.
  • API Usage: API requests, response times, and error logs for monitoring and debugging.

2.3 Information from Third Parties

  • Clerk: Authentication provider that manages user accounts and sessions.
  • Stripe: Payment processor for billing and subscription management.
  • OpenAI: AI-powered test diagnostics and insights (optional feature).

3. How We Use Your Information

We use collected information for:

  • Service Delivery: Providing and maintaining the test management platform.
  • Test Management: Storing, organizing, and displaying your test data.
  • AI Features: Generating test diagnostics and insights (when enabled).
  • Communication: Sending notifications, updates, and support responses.
  • Analytics: Understanding usage patterns to improve the platform.
  • Security: Detecting fraud, abuse, and security threats.
  • Billing: Processing payments and managing subscriptions.
  • Legal Compliance: Complying with applicable laws and regulations.

4. Data Sharing and Disclosure

4.1 Third-Party Service Providers

We share data with trusted service providers:

  • Clerk: Authentication and user management
  • Vercel: Hosting and infrastructure
  • Stripe: Payment processing
  • OpenAI: AI-powered features (only when you use AI diagnostics)
  • Vercel Blob: File storage for attachments

4.2 Team Members

If you're part of a team, your test data, activity, and profile information may be visible to other team members.

4.3 Legal Requirements

We may disclose information if required by law, court order, or government request.

4.4 Business Transfers

In the event of a merger, acquisition, or sale, your information may be transferred to the new owner.

5. Data Retention

  • Active Accounts: We retain your data as long as your account is active.
  • Deleted Accounts: Data is deleted within 30 days of account deletion, except where required by law.
  • Backups: Backup data may persist for up to 90 days after deletion.
  • Legal Requirements: We may retain certain data longer if required by law.

6. Data Security

We implement industry-standard security measures:

  • Encryption: Data encrypted in transit (TLS) and at rest.
  • Access Controls: Role-based access and authentication.
  • Regular Audits: Security reviews and vulnerability assessments.
  • Secure Infrastructure: Hosted on Vercel with enterprise-grade security.

Note: No system is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Your Rights

You have the right to:

  • Access: Request a copy of your personal data.
  • Correction: Update or correct inaccurate information.
  • Deletion: Request deletion of your account and data.
  • Export: Download your test data in portable formats.
  • Opt-Out: Unsubscribe from marketing communications.
  • Object: Object to certain data processing activities.

To exercise these rights, contact us at privacy@qastudio.dev.

8. International Data Transfers

Your data may be transferred to and processed in countries outside your residence. We ensure appropriate safeguards are in place through:

  • Standard contractual clauses
  • Adequate data protection laws in the destination country
  • Service provider agreements requiring data protection

9. Children's Privacy

QA Studio is not intended for users under 13 years old. We do not knowingly collect information from children. If we discover we have collected data from a child, we will delete it immediately.

10. AI Features and OpenAI

When you use AI-powered features (test diagnostics, insights):

  • Test failure data and error messages are sent to OpenAI for analysis.
  • OpenAI may use this data per their data usage policy.
  • AI features are optional and can be disabled at any time.
  • We cache AI responses to reduce API calls and costs.

11. Cookies and Tracking

We use cookies for:

  • Essential: Authentication and session management (required).
  • Preferences: Storing your settings and preferences.
  • Analytics: Understanding usage patterns (can be disabled).

You can control cookies through your browser settings.

12. Third-Party Links

Our Service may contain links to third-party websites or services. We are not responsible for their privacy practices. Please review their privacy policies before providing information.

13. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or in-app notification. Continued use of the Service constitutes acceptance of the updated policy.

14. GDPR Compliance (EU Users)

If you are in the European Economic Area (EEA):

  • Legal Basis: We process data based on consent, contract, legitimate interest, or legal obligation.
  • Data Protection Officer: Contact privacy@qastudio.dev for GDPR inquiries.
  • Supervisory Authority: You have the right to lodge a complaint with your local data protection authority.

15. CCPA Compliance (California Users)

California residents have additional rights:

  • Know what personal information is collected, used, and shared.
  • Delete personal information.
  • Opt-out of the sale of personal information (we do not sell your data).
  • Non-discrimination for exercising privacy rights.

16. Contact Us

For privacy-related questions or concerns: