Privacy Policy

Effective Date: January 27, 2025 | Last Updated: January 27, 2025

1. Introduction

TestRush ("Company", "we", "us", "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service at testrush.app.

Please read this Privacy Policy carefully. By using the Service, you consent to the practices described herein.

2. Information We Collect

2.1 Information You Provide

  • Account Information:
    • Name
    • Email address
    • Password (stored in hashed form)
    • Company name (optional)
  • Payment Information:
    • Billing address
    • Payment details are processed by our payment processor (FastSpring) and are not stored on our servers
  • User Content:
    • Test cases and test suites you create
    • Test run data and results
    • Attachments you upload
    • Comments and notes

2.2 Information Collected Automatically

  • Usage Data:
    • Pages visited
    • Features used
    • Time spent on the Service
    • Click patterns
  • Device Information:
    • IP address
    • Browser type and version
    • Operating system
    • Device identifiers

2.3 Information from Third Parties

We may receive information from:

  • Payment processors (transaction confirmations)
  • Authentication providers (if you use SSO)
  • Analytics services (aggregated usage data)

3. How We Use Your Information

3.1 Service Provision

  • Creating and managing your account
  • Providing access to features
  • Processing transactions
  • Delivering customer support

3.2 Service Improvement

  • Analyzing usage patterns to improve features
  • Identifying and fixing bugs
  • Developing new functionality

3.3 Communications

  • Sending transactional emails (receipts, password resets)
  • Providing important Service updates
  • Responding to your inquiries

3.4 Security

  • Detecting and preventing fraud
  • Protecting against unauthorized access
  • Enforcing our Terms of Service

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), UK, and Switzerland, we process your data based on:

PurposeLegal Basis
Providing the ServicePerformance of contract
Processing paymentsPerformance of contract
Security measuresLegitimate interests
Service improvementLegitimate interests
Marketing communicationsConsent
Legal complianceLegal obligation

5. Data Sharing and Disclosure

5.1 We Do NOT Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

5.2 Service Providers

We share data with trusted third parties who assist in operating our Service:

ProviderPurposeData Shared
SupabaseDatabase hostingUser data, content
FastSpringPayment processingBilling information
ResendTransactional emailsEmail address, name

5.3 Legal Requirements

We may disclose your information if required by law, legal process, or government request.

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your data becomes subject to a different privacy policy.

6. Data Retention

6.1 Active Accounts

We retain your data for as long as your account is active and as needed to provide the Service.

6.2 After Account Deletion

Upon account deletion request:

  • Personal data: Deleted within 30 days
  • User Content: Deleted within 30 days
  • Backup copies: Deleted within 90 days
  • Anonymized/aggregated data: May be retained indefinitely

7. Data Security

7.1 Security Measures

We implement industry-standard security measures:

  • Encryption in transit (TLS/SSL)
  • Encryption at rest
  • Secure password hashing
  • Regular security assessments
  • Access controls and authentication

7.2 Infrastructure

Our database is hosted on Supabase, which maintains SOC 2 Type II certification.

7.3 No Guarantee

While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

8. Your Rights

8.1 All Users

You have the right to:

  • Access your personal data
  • Update inaccurate information
  • Delete your account and data
  • Export your data in a portable format
  • Opt-out of marketing communications

8.2 EEA, UK, and Swiss Users (GDPR Rights)

You additionally have the right to:

  • Object to processing based on legitimate interests
  • Restrict processing in certain circumstances
  • Withdraw consent at any time (without affecting prior processing)
  • Lodge a complaint with a supervisory authority

8.3 California Users (CCPA Rights)

You additionally have the right to:

  • Know what personal information is collected
  • Know whether personal information is sold or disclosed
  • Say no to the sale of personal information (we do not sell your data)
  • Equal service and price, even if you exercise privacy rights

8.4 Exercising Your Rights

To exercise your rights, contact us at support@testrush.app. We will respond within 30 days.

9. Cookies and Tracking

9.1 Types of Cookies We Use

  • Essential Cookies:
    • Required for Service operation
    • Cannot be disabled
  • Analytics Cookies:
    • Help us understand how you use the Service
    • Can be disabled in your browser or through our cookie settings

9.2 Do Not Track

We currently do not respond to "Do Not Track" browser signals.

10. Third-Party Integrations

10.1 MCP Integrations

When you connect the Service to third-party AI tools via MCP:

  • You control what data is shared
  • Third-party privacy policies apply to their services
  • We do not control how third parties handle your data

You are responsible for reviewing the privacy policies of any third-party services you integrate with.

11. International Data Transfers

Your data may be processed in the United States and other countries where our service providers operate.

For transfers from the EEA, UK, or Switzerland, we use Standard Contractual Clauses (SCCs) and service providers with appropriate certifications.

12. Children's Privacy

The Service is not intended for children under 18. We do not knowingly collect personal information from children under 18. If we learn that we have collected such information, we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be indicated by the "Last Updated" date. For material changes, we will notify you via email or notice within the Service.

14. Contact Us

For privacy-related questions or to exercise your rights:

TestRush
Email: support@testrush.app
Website: https://testrush.app

For EEA users: If you are not satisfied with our response, you have the right to lodge a complaint with your local Data Protection Authority.

By using TestRush, you acknowledge that you have read and understood this Privacy Policy.