1. Introduction

ReleaseQA ("we", "us", "our") operates the releaseqa.com platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, and organization name. If you sign up via OAuth (Google, GitHub), we receive your profile information from the provider.

Test Data

When you use our reporter packages to submit test results, we receive test run metadata including test names, statuses, durations, error messages, branch names, and commit SHAs. We do not collect your source code.

Usage Data

We automatically collect information about how you interact with the Service, including pages visited, features used, IP address, browser type, and device information.

Payment Information

Payment processing is handled by Stripe. We do not store credit card numbers or banking details. We retain Stripe customer IDs and subscription status.

3. How We Use Your Information

Provide, maintain, and improve the Service
Process transactions and send billing notifications
Send technical notices, security alerts, and support messages
Analyze test results and generate quality insights
Monitor and prevent fraud, abuse, or security incidents
Comply with legal obligations

4. Data Sharing

We do not sell your personal information. We share data only with:

Service providers: Stripe (payments), Vercel (hosting), Neon (database), Resend (email)
Within your organization: Team members in your organization can view shared project data
Legal compliance: When required by law, subpoena, or to protect our rights

5. Data Retention

We retain your account data for as long as your account is active. Test run data is retained according to your plan's retention period (30 days for Free, 90 days for Pro, 1 year for Team, custom for Enterprise). You may request deletion of your data at any time.

6. Data Security

We implement industry-standard security measures including encryption in transit (TLS 1.2+), encryption at rest, org-scoped data isolation, API key hashing, role-based access control (RBAC), and audit logging. See our security documentation for details.

7. Your Rights (GDPR / CCPA)

Depending on your jurisdiction, you may have the right to:

Access the personal data we hold about you
Rectify inaccurate data
Delete your data ("right to be forgotten")
Export your data in a portable format
Restrict or object to processing
Withdraw consent at any time

To exercise these rights, contact us at privacy@releaseqa.com.

8. Cookies

We use essential cookies for authentication and session management. We use analytics cookies (Vercel Analytics) to understand usage patterns. You can disable non-essential cookies in your browser settings.

9. Children's Privacy

Our Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance.

11. Contact Us

If you have questions about this Privacy Policy, contact us at: privacy@releaseqa.com