Privacy Policy
QAPTURS - PRIVACY POLICY
1. INTRODUCTION
Qapturs, Inc. ("Company", "We", "Us", "Our") respects Your privacy. This Privacy Policy explains how We collect, use, disclose, and safeguard Your information when You use our test automation platform.
By using the Platform, You consent to the practices described in this Privacy Policy.
2. INFORMATION WE COLLECT
2.1 Information You Provide
| Category | Examples |
|---|---|
| Account Information | Name, email address, company name, password |
| Billing Information | Payment method details (processed by Stripe, not stored by Us) |
| Test Scripts | Automation code, test cases, and related content |
| Secrets | Encrypted passwords, API keys, and tokens (stored in Secrets Manager) |
| Communications | Support tickets, feedback, survey responses |
2.2 Information Automatically Collected
| Category | Examples |
|---|---|
| Usage Data | Test runs, features used, pages visited, duration |
| Device Information | IP address, browser type, operating system |
| Log Data | Timestamps, error reports, performance metrics |
2.3 Information from Third Parties
- Payment processors (Stripe) – billing status only
- Authentication providers (if enabled) – user identity
3. HOW WE USE YOUR INFORMATION
| Purpose | Legal Basis |
|---|---|
| Provide and maintain the Platform | Contract performance |
| Process payments and subscriptions | Contract performance |
| Run Your test scripts and record videos | Contract performance |
| Improve and optimize the Platform | Legitimate interest |
| Communicate with You about service updates | Legitimate interest |
| Respond to support requests | Contract performance |
| Detect and prevent fraud or abuse | Legal obligation |
| Comply with legal obligations | Legal obligation |
We NEVER sell Your personal information to third parties.
4. TEST SCRIPT & SECRETS HANDLING
This is the most important section for You to understand.
4.1 Test Scripts
- Your test scripts are encrypted (AES-256) before being stored in our database
- Scripts are only decrypted when You trigger a test run
- Decryption happens inside Your isolated container
- No employee can read Your scripts unless You explicitly share them for support
4.2 Secrets Manager
- Secrets (passwords, API keys) are encrypted separately
- Secrets are never stored in plain text
- Secrets are injected as environment variables only during execution
- Secrets are never logged or persisted after container destruction
4.3 Test Execution Videos
- Videos are stored encrypted at rest
- Video access requires signed, expiring URLs (15 minutes)
- Videos are linked exclusively to Your account
- No other user can access Your videos
5. DATA RETENTION
| Data Type | Free Plan | Paid Plans |
|---|---|---|
| Test Scripts | Duration of account + 30 days | Duration of account + 90 days |
| Test Results | Current run only | 90 days (AI Tester) / 1 year (Pro) |
| Videos | Not available on Free Plan | 90 days (AI Tester) / 1 year (Pro) |
| Audit Logs | - | 1 year |
After Account Termination: All data deleted within 30 days
6. DATA SHARING & DISCLOSURE
6.1 We May Share Your Information With:
- Service Providers - Cloud hosting, payment processing, email delivery
- Law Enforcement - When required by law or legal process
- Corporate Transactions - Merger, acquisition, or asset sale
6.2 We Do NOT Share:
- Your Test Scripts with other customers
- Your Secrets with any third party
- Your execution videos except as described above
- Personal information for advertising or marketing
7. YOUR RIGHTS
Depending on Your jurisdiction, You may have the right to:
| Right | Description |
|---|---|
| Access | Request a copy of Your personal data |
| Correction | Correct inaccurate or incomplete data |
| Deletion | Request deletion of Your data |
| Portability | Receive Your data in a structured format |
| Restriction | Limit how We use Your data |
| Objection | Object to processing based on legitimate interests |
To exercise these rights, contact: founder@qapturs.com
We will respond within 30 days.
8. SECURITY MEASURES
We implement industry-standard security, including:
| Measure | Implementation |
|---|---|
| Encryption at Rest | AES-256 for scripts, secrets, and videos |
| Encryption in Transit | TLS 1.3 for all connections |
| User Isolation | Database-level segregation by user_id |
| Container Isolation | Ephemeral Docker containers per test run |
| Access Controls | Strict internal access policies |
| Audit Logging | All significant actions recorded |
| Signed URLs | Expiring, user-scoped video access |
No security is absolute. In the event of a data breach, We will notify You within 72 hours as required by applicable law.
9. COOKIES & TRACKING
We use essential and analytics cookies:
- Essential - Authentication, security, platform functionality
- Analytics - Usage patterns, performance monitoring
You may disable non-essential cookies in Your browser settings.
10. INTERNATIONAL DATA TRANSFERS
We store data on servers located in the United States. If You are located outside the US, Your data will be transferred to and processed in the US. We rely on Standard Contractual Clauses (SCCs) to ensure adequate protection.
11. CHILDREN'S PRIVACY
The Platform is not intended for individuals under 18 years of age. We do not knowingly collect information from children.
12. CALIFORNIA PRIVACY RIGHTS (CCPA/CPRA)
California residents have the right to:
- Know what personal information is collected
- Request deletion of personal information
- Opt out of any "sale" of personal information (We do not sell data)
- Non-discrimination for exercising privacy rights
To exercise California rights, email: founder@qapturs.com
13. GDPR RIGHTS (European Union)
If You are in the European Economic Area (EEA), You have additional rights under the General Data Protection Regulation (GDPR):
- Right to be Informed - Transparency about data processing
- Right of Access - Confirm if data is processed and receive a copy
- Right to Rectification - Correct inaccurate data
- Right to Erasure - Request deletion (subject to exceptions)
- Right to Restrict Processing - Limit how data is used
- Right to Data Portability - Receive data in machine-readable format
- Right to Object - Object to processing based on legitimate interests
- Rights Related to Automated Decision-Making - We do not engage in automated decision-making
Data Controller: Qapturs, Inc.
EU Representative: For inquiries, contact founder@qapturs.com
Supervisory Authority: You have the right to lodge a complaint with Your local data protection authority.
14. DATA PROCESSING ADDENDUM (DPA)
Enterprise customers may request a Data Processing Addendum (DPA) compliant with GDPR requirements. The DPA incorporates the Standard Contractual Clauses (SCCs).
Request DPA: founder@qapturs.com
15. BREACH NOTIFICATION
In the event of a data breach affecting Your personal information:
- We will notify You within 72 hours of discovery
- Notice will include scope of breach, data affected, and remediation steps
- Regulatory authorities will be notified as required by law
16. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy periodically. Material changes will be notified via:
- Email to the address associated with Your account
- Platform notification upon login
- At least 30 days' advance notice for significant changes
Your continued use after changes constitutes acceptance.
17. CONTACT INFORMATION
For privacy-related inquiries:
- Privacy Officer: founder@qapturs.com
- Data Protection Requests: founder@qapturs.com
- Legal & Compliance: founder@qapturs.com
Qapturs
Attn: Privacy Department
18. ACCEPTANCE
By using Qapturs, You acknowledge that You have read, understood, and agree to be bound by this Privacy Policy.