QA Bot

Privacy Policy

Last updated: 12/5/2025

This Privacy Policy describes how QABot collects, uses, and protects your personal information when you use our automated testing platform.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Your name, email address, and profile picture from your Google account
  • Authentication tokens from Google OAuth
  • Account creation and last login timestamps

1.2 Team and Collaboration Data

  • Team names and descriptions you create
  • Team member relationships and roles (Admin/Member)
  • Team invitations and membership history

1.3 Project and Test Data

  • Project names, descriptions, and target URLs
  • Test case definitions including actions and expectations
  • Scheduled test configurations (cron expressions)
  • Test execution results and history
  • Test run timestamps, status, and result messages

1.4 Subscription and Payment Data

  • Subscription plan information (Free, Basic, Pro, Enterprise)
  • Payment transaction data processed through LemonSqueezy
  • Billing history and subscription status
  • Usage metrics related to plan limits

1.5 Usage and Technical Data

  • Session information and authentication tokens
  • Browser type, device information, and IP address
  • Pages visited and features used within QABot
  • Error logs and performance metrics

2. How We Use Your Information

We use the collected information for the following purposes:

2.1 Service Delivery

  • Authenticate your identity and manage your account
  • Process and execute automated UI tests on specified URLs
  • Store and manage your projects, test cases, and test results
  • Execute scheduled tests according to your cron configurations
  • Manage team access and permissions

2.2 Communication

  • Send test execution results and notifications via email
  • Provide team invitation emails
  • Send important service updates and announcements
  • Respond to support requests and inquiries

2.3 Billing and Subscription Management

  • Process payments and manage subscriptions through LemonSqueezy
  • Enforce plan limits (projects, teams, test cases)
  • Handle subscription upgrades, downgrades, and cancellations

2.4 Service Improvement

  • Monitor and analyze usage patterns to improve our service
  • Debug errors and optimize performance
  • Develop new features and functionality

3. Information Sharing and Disclosure

We do not sell or rent your personal information to third parties. We may share your information in the following circumstances:

3.1 Service Providers

  • Google: Authentication via Google OAuth
  • LemonSqueezy: Payment processing and subscription management
  • Resend: Email delivery service for notifications
  • Database Hosting: PostgreSQL database hosting providers
  • Testing Infrastructure: External services that execute UI tests

3.2 Team Members

When you join a team, your name and email are visible to other team members. Team admins can see all team activity including test execution history.

3.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas).

3.4 Business Transfers

If QABot is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

4. Data Security

We implement industry-standard security measures to protect your personal information:

  • Encrypted data transmission using HTTPS/TLS
  • Secure authentication via Google OAuth with JWT sessions
  • Role-based access control for team data
  • Regular security updates and monitoring
  • Secure database storage with Prisma ORM
  • Environment variable protection for sensitive credentials

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

5. Third-Party Services

5.1 Google OAuth

We use Google OAuth for authentication. When you sign in with Google, we receive your basic profile information (name, email, profile picture) as permitted by your Google account settings. Your use of Google authentication is subject to Google's Privacy Policy.

5.2 LemonSqueezy

Payment processing is handled by LemonSqueezy. We do not store your credit card information on our servers. LemonSqueezy's privacy policy governs their collection and use of your payment data.

5.3 Testing Services

When you execute tests, we send your test configurations (URLs, actions, expectations) to external testing infrastructure. These services process the test execution and return results to us.

6. Data Retention

We retain your information for different periods depending on the type of data:

  • Account Data: Retained while your account is active
  • Test Results: Retained indefinitely unless you delete them
  • Payment Records: Retained for 7 years for tax and accounting purposes
  • Session Data: Expired after 30 days of inactivity
  • Logs and Analytics: Retained for up to 90 days

When you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal obligations.

7. Cookies and Tracking Technologies

We use cookies and similar technologies for:

  • Essential Cookies: Required for authentication and session management (NextAuth.js JWT tokens)
  • Preference Cookies: Remember your theme settings (dark/light mode)
  • Security Cookies: Protect against cross-site request forgery (CSRF)

Most web browsers automatically accept cookies, but you can modify your browser settings to decline cookies. However, this may prevent you from using certain features of QABot.

8. Your Privacy Rights

Depending on your location, you may have the following rights:

8.1 Access and Portability

  • Request a copy of your personal data
  • Download your test cases and project data
  • View your subscription and billing information

8.2 Correction and Deletion

  • Update your profile information at any time
  • Delete individual test cases, projects, or teams
  • Permanently delete your entire account and associated data

8.3 Objection and Restriction

  • Opt out of non-essential email communications
  • Object to processing of your data for certain purposes
  • Request restriction of processing in specific circumstances

To exercise these rights, please contact us at hello@qabot.app. We will respond to your request within 30 days.

9. International Data Transfers

QABot may process your data in countries other than your country of residence. We ensure that appropriate safeguards are in place to protect your data in accordance with applicable data protection laws.

10. Children's Privacy

QABot is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected, used, shared, or sold
  • Right to delete personal information held by us
  • Right to opt-out of the sale of personal information (we do not sell your data)
  • Right to non-discrimination for exercising your CCPA rights

12. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

  • Right of access to your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to lodge a complaint with a supervisory authority

13. Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. When we make material changes, we will:

  • Update the "Last updated" date at the top of this policy
  • Notify you via email if you have an active account
  • Display a prominent notice on our website

Your continued use of QABot after changes to this policy constitutes acceptance of the updated privacy policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

We will respond to your inquiry as promptly as possible, typically within 30 days.

Last updated: 12/5/2025

Privacy Policy | QABot