Privacy Policy

Account Information

When you create a QAAura account, we collect your name, email address, and password (stored as a secure hash). If you sign in via GitHub OAuth, we receive your GitHub username and email.

Usage Data

We collect information about how you use QAAura, including test sessions recorded, scripts generated, AI agent runs, API calls made, and feature usage patterns. This helps us improve the product.

Browser Extension Data

The QAAura Chrome Extension captures browser interactions (clicks, inputs, navigation events, and URLs) only while you have an active recording session. This data is transmitted to our servers solely to generate your test scripts. We do not record any data outside of active recording sessions.

Technical Information

We automatically collect IP addresses, browser type, operating system, and device information for security and analytics purposes.

Providing the Service

We use your data to operate QAAura, authenticate your identity, store your test sessions, generate scripts, and run AI agents on your behalf.

AI Features

Recorded browser interactions and session data may be processed by AI models (including third-party providers such as Groq, Gemini, and Mistral) solely to generate test scripts and suggestions. We do not use your data to train AI models without your explicit consent.

Communications

We may send you service-related emails such as account confirmations, security alerts, and product updates. You may opt out of marketing communications at any time.

Analytics & Improvements

Aggregated, anonymised usage data helps us understand how QAAura is used so we can improve features, fix bugs, and prioritise development.

Storage

Your data is stored in our PostgreSQL database hosted on Supabase, with infrastructure on Railway. Data is stored in the United States unless otherwise specified.

Security Measures

We use industry-standard security practices including encrypted connections (TLS/HTTPS), hashed passwords (bcrypt), JWT-based authentication, and regular security reviews. However, no system is completely secure and we cannot guarantee absolute security.

Data Retention

We retain your account data for as long as your account is active. Test session data and logs are retained for up to 12 months. You may request deletion of your data at any time.

We Do Not Sell Your Data

We never sell, rent, or trade your personal information to third parties for marketing purposes.

Service Providers

We share data with trusted third-party service providers who help us operate QAAura, including Supabase (database), Railway (hosting), and AI model providers (Groq, Gemini, Mistral, Ollama). These providers are contractually bound to protect your data.

Legal Requirements

We may disclose your information if required by law, court order, or to protect the rights, property, or safety of QAAura, our users, or the public.

Permissions Used

The QAAura Chrome Extension requests the following permissions: activeTab (to read the current page URL/title for project matching), storage (to store your login token locally), tabs and webNavigation (to detect navigation events during recording), scripting (to inject the recorder into pages), and identity (to manage your authentication session).

Data Captured During Recording

During an active recording session, the extension captures: page URLs, element selectors, input values (excluding passwords), and navigation events. This data is sent to api.qaaura.com over HTTPS and used exclusively to generate your test scripts.

No Background Tracking

The extension does not capture any data when you are not actively recording a session. No browsing history is stored or transmitted outside of active sessions.

Access & Portability

You have the right to access the personal data we hold about you and request a copy in a machine-readable format.

Correction

You may update or correct your account information at any time from your account settings.

Deletion

You may request deletion of your account and associated data by contacting us at privacy@qaaura.com. We will process your request within 30 days.

EEA / UK Users

If you are located in the European Economic Area or United Kingdom, you have additional rights under GDPR including the right to object to processing, restrict processing, and lodge a complaint with your local supervisory authority.

What We Use

QAAura uses essential cookies and local storage to maintain your login session and remember your preferences. We do not use third-party advertising or tracking cookies.

Control

You can control cookies through your browser settings. Disabling essential cookies may prevent you from using certain features of the service.

QAAura is not directed at children under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by posting a prominent notice on app.qaaura.com. Your continued use of QAAura after changes take effect constitutes acceptance of the updated policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at: