Privacy Policy

1. Who We Are

QAClan ("we", "us") operates the QAClan website, command-line agent, and web application. For privacy questions, contact [email protected].

2. Information We Collect

Account data

When you sign up we collect your name, email address, and any profile information you provide (for example via Google OAuth). We generate and store a hash of any API keys you create; we do not retain the plaintext after issuance.

Synced test data

If you push runs to the cloud, we receive metadata about your projects, features, suites, scripts, environments, and run results (including pass/fail state, duration, step metadata, and error messages). We do not receive data that your scripts do not push.

Billing data

Subscription payments are processed by Paddle.com Market Ltd, our merchant of record. Paddle collects and processes your payment details; we receive only the information needed to provision and manage your subscription (for example, plan, status, and last four digits of the card).

Usage and device data

We collect limited technical information such as IP address, browser or CLI version, operating system, timestamps, and pages viewed. We use cookies and similar technologies to keep you signed in and to measure aggregate usage.

Support communications

If you contact us, we keep a record of the correspondence so we can follow up.

3. How We Use Information

• Provide, maintain, and improve the Service.
• Authenticate users and protect accounts.
• Process payments and manage subscriptions.
• Send operational messages (receipts, security alerts, product updates).
• Analyze usage to fix bugs and prioritize features.
• Comply with legal obligations and enforce our Terms.

4. Legal Bases (EEA/UK)

We process personal data under the following legal bases: performance of a contract (providing the Service), legitimate interests (security, product improvement), consent (where required for marketing or optional cookies), and legal obligation (tax and accounting records).

5. Sharing

We do not sell personal information. We share data only with:

• Service providers we rely on to run the Service (for example, hosting, database, email delivery, and analytics providers), under contracts that limit their use of the data to providing the service to us.
• Paddle, our merchant of record, for payment processing, tax calculation, invoicing, and fraud prevention.
• AI analysis providers (for example, Google Gemini) when you opt into AI-powered test analysis. Only the specific run data required for the analysis is sent.
• Authorities when required by law, or to protect our rights, users, or the public.
• Successors in the event of a merger, acquisition, or asset sale, subject to this policy.

6. International Transfers

Our infrastructure and some of our service providers may be located outside your country of residence. Where required, we rely on appropriate safeguards (for example, Standard Contractual Clauses) for cross-border transfers.

7. Data Retention

We keep personal data for as long as your account is active, plus a reasonable period afterward to comply with legal, accounting, or reporting requirements. You can request deletion at any time (see below).

8. Security

We use industry-standard measures — TLS in transit, encrypted credentials at rest, access controls, and audit logging — to protect your data. No system is perfectly secure; if you discover a vulnerability, please disclose it responsibly to [email protected].

9. Your Rights

Depending on your jurisdiction you may have the right to access, correct, delete, port, restrict, or object to the processing of your personal information, and to withdraw consent. To exercise any of these rights, email [email protected]. You can also lodge a complaint with your local data protection authority.

10. Cookies

We use a small number of strictly necessary cookies to keep you signed in, plus optional analytics cookies to understand usage. You can control cookies through your browser settings.

11. Children

QAClan is not directed to children under 16, and we do not knowingly collect personal data from them. If you believe a child has provided us with personal information, contact us and we will delete it.

12. Changes

We may update this policy from time to time. The "Last updated" date above indicates when it was last revised. Material changes will be announced on the website or by email.

13. Contact

Privacy questions or requests: [email protected].