Privacy Policy

    Last updated: December 13, 2025

    Introduction

    Welcome to Test Flows AI ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application and our Chrome extension "Test Flows AI."

    By using our services, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

    Information We Collect

    1. Account Information

    When you create an account, we collect:

    • Email address
    • Name (if provided)
    • Authentication tokens

    2. Chrome Extension Data Collection

    Our Chrome extension "Test Flows AI" collects data only when you explicitly initiate a recording session. The extension does NOT collect any data in the background or when recording is not active.

    During an active recording session, we may capture:

    • User interactions (clicks, typing, scrolling, navigation)
    • DOM element information and selectors
    • Page URLs and titles
    • By default we capture small area of interaction during the recording session
    • Form field values (only visible input, excludes passwords by default)

    ⚠️ Important: By default, we do NOT collect passwords, credit card numbers, or other sensitive payment information. Password fields are automatically excluded from recording. However, when user data capture is enabled, the extension may collect sensitive data for testing purposes only.

    3. Usage Analytics

    We may collect anonymized usage statistics to improve our services, including feature usage patterns, error reports, and performance metrics.

    Chrome Extension Permissions

    Our Chrome extension requires certain permissions to function. Here's why we need each one:

    activeTab

    Access the currently active tab to record user interactions when recording is initiated.

    storage

    Store recorded test data locally and sync user preferences across sessions.

    scripting

    Inject content scripts to capture DOM interactions and element information during recording.

    tabs

    Track tab navigation events and manage recording across multiple tabs when needed.

    windows

    Manage recording sessions across browser windows and handle window-level events.

    host_permissions (all URLs)

    Enable recording on any website the user chooses to test. This permission is only used when recording is actively initiated by the user.

    How We Use Your Information

    We use the information we collect to:

    • Provide and maintain our test automation services
    • Generate test flows and scripts based on recorded interactions
    • Create AI-powered self-healing locators for robust testing
    • Store and organize your test projects and flows
    • Improve our services and develop new features
    • Communicate with you about updates and support
    • Ensure security and prevent abuse

    Data Storage and Security

    We implement industry-standard security measures to protect your data:

    • All data is encrypted in transit using TLS/SSL
    • Data is stored securely on Supabase infrastructure
    • Access to data is restricted and controlled
    • Regular security audits and monitoring
    • User authentication via secure OAuth providers

    Recorded test data is stored in your account and is only accessible by you (and any team members you explicitly share it with). We do not share, sell, or monetize your recorded test data.

    Data Retention

    We retain your data for as long as your account is active or as needed to provide services. You can delete your test flows and recorded data at any time through the dashboard. Upon account deletion, all associated data will be permanently removed from our systems within 30 days.

    Your Rights

    You have the right to:

    • Access: Request a copy of your personal data
    • Rectification: Correct inaccurate information
    • Deletion: Delete your account and associated data
    • Portability: Export your test flows and data
    • Withdraw Consent: Stop recording at any time

    Third-Party Services

    We use the following third-party services:

    • Supabase: Database and authentication services
    • OpenAI: AI-powered features (data is processed according to OpenAI's usage policies)

    These services have their own privacy policies, and we encourage you to review them.

    Children's Privacy

    Our services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

    Changes to This Policy

    We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Your continued use of our services after any changes indicates your acceptance of the updated policy.

    Contact Us

    If you have any questions about this Privacy Policy or our data practices, please contact us at:

    Email: support@testflows.ai