Privacy Policy

Last updated: January 2, 2026

1. Introduction

Qovr ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect

Account Information

  • Name and email address
  • Password (encrypted)
  • OAuth provider data (if using social login)

Service Usage Data

  • Projects, environments, and test journeys you create
  • Test execution results and screenshots
  • Console and network logs from test runs
  • Issues and audit logs

Technical Information

  • IP address and browser type
  • Device information and operating system
  • Usage patterns and feature interactions
  • Error logs and performance metrics

Payment Information

  • Billing details (processed securely by Stripe)
  • We do NOT store credit card numbers
  • Transaction history and subscription status

3. How We Use Your Information

We use collected information to:

  • Provide, maintain, and improve the Service
  • Process your transactions and manage subscriptions
  • Send you technical notices and support messages
  • Respond to your requests and provide customer support
  • Analyze usage patterns to improve features
  • Detect and prevent fraud or abuse
  • Comply with legal obligations

4. Data Storage and Security

Storage Locations

Your data is stored in:

  • PostgreSQL database (encrypted at rest)
  • Cloudflare R2 or AWS S3 (for screenshots, if configured)
  • Backup systems for disaster recovery

Security Measures

  • HTTPS encryption for all data in transit
  • Database encryption at rest
  • Secure authentication with NextAuth
  • Role-based access control (RBAC)
  • Regular security audits and updates
  • Stripe-verified webhook signatures

5. Data Sharing and Disclosure

We do NOT sell your personal information. We may share data with:

Service Providers

  • Stripe (payment processing)
  • Vercel (hosting)
  • Fly.io (test execution infrastructure)
  • Email service providers (if configured)

Legal Requirements

We may disclose information if required by law, court order, or government request, or if necessary to protect our rights, property, or safety.

6. Data Retention

We retain your information for as long as:

  • Your account is active
  • Necessary to provide the Service
  • Required by law or for legitimate business purposes

After account deletion, we retain minimal data for fraud prevention and legal compliance (typically 30-90 days), then permanently delete all personal information.

7. Your Rights and Choices

Access and Portability

You can access and export your data through your account settings.

Correction and Deletion

You can update or delete your data at any time. Contact support for assistance.

Marketing Communications

You can opt out of marketing emails using the unsubscribe link in any email.

Cookies and Tracking

We use essential cookies for authentication and session management. You can disable cookies in your browser, but this may limit Service functionality.

8. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect information from children. If you believe we have collected information from a child, please contact us immediately.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

10. GDPR Compliance (EU Users)

If you are in the European Economic Area (EEA), you have additional rights under GDPR:

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent

Legal basis for processing: consent, contract performance, legitimate interests, and legal compliance.

11. California Privacy Rights (CCPA)

California residents have the right to:

  • Know what personal information is collected
  • Know whether personal information is sold or disclosed
  • Opt out of the sale of personal information
  • Access their personal information
  • Request deletion of personal information
  • Non-discrimination for exercising privacy rights

Note: We do NOT sell personal information.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email or through the Service. The "Last updated" date at the top indicates when changes were made.

13. Contact Us

For privacy-related questions or to exercise your rights, contact us at:

This Privacy Policy is provided as a starting template. Before launching to production, consult with a legal professional to ensure compliance with GDPR, CCPA, and other applicable privacy laws in your jurisdiction.