Privacy Policy

Last updated: 2026-05-26. This policy explains how qa-clone processes personal data under the GDPR.

Data Controller

qa-clone is the data controller for personal data processed through the service. Contact details are in the Contact section below.

Data We Collect

• Account data (name, email) via our auth provider (Clerk).
• Organization and project metadata you create.
• Test runs, artifacts, and logs generated by the service.
• Billing data processed by our payment provider (Stripe).

Legal Basis

We process data to perform our contract with you (service delivery), for legitimate interests (security, product analytics), and with your consent (non-essential cookies).

Cookies

Essential cookies are always set. Non-essential/analytics cookies are set only with your consent (EU/EEA/UK visitors see a consent banner). See the cookie banner to manage your choice.

Data Retention

We retain account and run data for the life of your account. Artifacts follow your plan's retention window. Audit logs are kept for 90 days.

Your Rights

Under the GDPR you have the right to access, rectify, export (portability), and erase your data, and to object to or restrict processing.

Data Export

Request a machine-readable export of your data via POST /privacy/data-export or from Settings.

Data Deletion

Request erasure via POST /privacy/data-delete. Deletion is scheduled after a 30-day confirmation window, during which you may cancel.

Third Parties

We share data with sub-processors strictly to operate the service: Clerk (auth), Stripe (billing), Neon (database), Cloudflare R2 (artifact storage), Browserbase (test execution), and Resend (email).

Data Transfers

Where data is transferred outside the EEA, we rely on Standard Contractual Clauses or equivalent safeguards.

Contact

For privacy requests or questions, contact privacy@testsbot.com.