- Privacy is very important to us.
- We won't share your personal information or project data with anyone except to comply with the law, develop and monitor our products, or protect our rights.
- You retain all rights to, and we respect the confidentiality of, all the project data you store on the Testpad service.
- Testpad is compliant with the EU General Data Protection Regulation (GDPR) that is in effect from 25 May 2018.
What we collect and store
- Testpad collects and stores your name and email address when you sign up for the Testpad service.
- Testpad collects limited web session data and statistics as identified by HTTP cookies and browser requests. This data is stored in log files that are only retained for a limited period as required for the analysis and improvement of the Testpad service.
- Testpad stores project data submitted to Testpad as part of the service, mainly consisting of test cases and test results.
What we use it for
- The running of the service, including identification, authentication and monitoring.
- Deriving aggregated, anonymized, statistics and performance metrics.
- Maintenance, analysis and improvement of the Testpad service.
If you are a registered user of Testpad, we will use your email address to send you emails essential to your use of Testpad, for example when assigning Test Runs, or to invite new users to join your account. These emails cannot be opted out of, except by unsubscribing from Testpad and deleting your account.
We may also occasionally send you an email to help you with your use of the Testpad service, to tell you about new features, solicit your feedback, or just keep you up to date with what's going on with Testpad Limited and our products. These emails include an unsubscribe link which you can use to stop receiving all non-essential communication.
What we will and won't disclose
We will never disclose personally identifying (or potentially personally identifying) information about you, or your project data, unless:
- it is to our employees, contractors or affiliated organisations that (i) need to know that information in order to process it on Testpad Limited's behalf or to provide services available at Testpad Limited's websites, (ii) that have agreed not to disclose it to others, and (iii) that are themselves GDPR compliant. Some of these employees, contractors and affiliated organizations may be located outside of your home country; by using Testpad Limited's websites, you consent to the transfer of such information to them.
- we have your permission
- we are required to do so by law
- we believe in good faith that disclosure is reasonably necessary to protect the rights of Testpad Limited, third parties or the public at large.
Testpad Limited will not rent or sell potentially personally-identifying and personally-identifying information to anyone.
We may share with other organisations, or make public, aggregated anonymous data derived from our stored data or statistics.
If you send us a message or request (for example via a support email or via one of our feedback mechanisms), we reserve the right to publish it in order to help us clarify or respond to your request or to help us support other users. Such publication will not disclose personally-identifying information, unless such information is intrinsic to the medium (for example, including a twitter handle when re-tweeting on twitter).
Where data is stored
Testpad is hosted on Amazon's cloud platform (AWS) and all Testpad-stored data is stored on AWS server instances, EBS volumes and S3.
Testpad uses Google Analytics to monitor and track the performance of the service. As for all sites using Google Analytics, this means that as users browse the Testpad website and make use of the Testpad service, their browsers will generate usage statistics that will be transmitted to and stored by Google Analytics. Google Analytics is itself (working towards being) GDPR compliant. Users and visitors of Testpad are therefore encouraged to read Google's Data Protection Compliance documentation.
Testpad uses FastSpring to handle payments. All the data required for payments, including name, address and credit card information or other payment method details, are supplied to FastSpring on web pages served by FastSpring servers on behalf of Testpad. Testpad does not therefore process or store any personal data relating to payment details.
Registered users of Testpad can view and edit the data that Testpad stores about them using the Testpad service itself.
Registered users of Testpad, who are the account owner of a team account, can download all the data that Testpad stores for their account as a ZIP of CSV data using the Account Export feature.
Subscribers of Testpad can contact FastSpring directly to request a copy of their personal data that FastSpring stores. Alternatively, subscribers can make such requests to Testpad and Testpad will ask FastSpring for this data on their behalf.
Users of Testpad can contact MailChimp directly to request a copy of their personal data that MailChimp stores. Alternatively, users can make such requests to Testpad and Testpad will ask MailChimp for this data on their behalf.
Users of Testpad can unsubscribe and delete their accounts if they wish Testpad to delete their personal data. Alternatively, users can make a request to Testpad that this data be deleted, in which case Testpad will delete their Testpad Account (and all associated test plan/result data) for them.
When an account is deleted, email addresses may be retained by Testpad for possible future communications, such as notification of new features or services. If a user wishes to not receive such communication, they can use the unsubscribe link contained in all such communications. Email recipients who have unsubscribed will be stored by Testpad (and/or the relevant email processing third party, e.g. MailChimp) so they can be identified as an email address that does not wish to receive further communications. If a user would prefer to be completely forgotten, then they can make a direct request of Testpad who will ensure that both Testpad and any third parties delete their data. Such users might then receive future communication if they later (re)provide their email address.
A cookie is a string of information that a website stores on a visitor's computer, and that the visitor's browser provides to the website each time the visitor returns. The operation of the Testpad service relies on cookies for user login (the sessionid cookie) and form data security (the csrftoken cookie). If these cookies are deleted, or disabled, continued use of Testpad is not possible.
Testpad also uses third party cookies from Google Analytics (the cookies with names that begin __utm...). These are used for usage statistics and analysis for the monitoring and improvement of the Testpad service. Testpad does not use Google Analytics "User ID" feature.
Testpad's usage of Google Analytics is basic enough that the GDPR legislation does not require an explicit opt-in from users of Testpad. Nevertheless, users can block Google's cookies using browser settings or plugins.
If Testpad Limited, or substantially all of its assets were acquired, or in the unlikely event that Testpad Limited goes out of business or enters bankruptcy, user information would be one of the assets that is transferred or acquired by a third party. You acknowledge that such transfers may occur, and that any acquirer of Testpad Limited may continue to use your personal information as set forth in this policy.
Updated 14 May 2018.