Privacy Policy

Last updated: 19 May 2026

Plain-English summary: We collect what you give us (account info, the projects + test cases you create, the URLs you ask us to test) and what we need to bill you. We use it to run Testnova for you. We do not sell it. You can export or delete it any time by emailing contact@8bits-solutions.com.

1. Who we are

Testnova is a product of 8bits Solutions, a team of senior engineers specializing in AI-powered QA automation. When this policy says "we," "us," or "Testnova," it means 8bits Solutions. Our contact email is contact@8bits-solutions.com.

2. What we collect

Account information

Your name and email address (collected during sign-up).
The company / workspace name you enter at onboarding.
Authentication identifiers from Clerk (our authentication provider) — including OAuth profile data if you sign in with Google.

Product data

The test projects you create (project name, description, staging URL).
The test cases generated for you, the scripts produced, and metadata about each test run (pass/fail counts, timestamps, AI-summarised triage notes).
Reports and artifacts (HTML reports, screenshots, video traces) uploaded by our test runner from runs against your staging URL.

Usage + technical data

Standard server logs (IP, user-agent, request paths) for security and debugging.
Aggregate usage metrics (number of projects, test cases stored, runs executed) used to compute your tier limits and bill you.

3. What we do not collect

Production credentials. Testnova only runs against the staging URL you provide; we never ask for production credentials.
End-user data from your customers' apps. Test runs use the dedicated test accounts you configure.
Payment card numbers. Billing (when active) is handled by Stripe, which is PCI-DSS Level 1 compliant; we receive only subscription status and invoice metadata.

4. How we use it

To provide the service: store your projects, generate test cases, run nightly executions, send you reports.
To bill you: track usage against your tier.
To support you: respond to requests sent to contact@8bits-solutions.com.
To improve the product: aggregated, de-identified usage patterns inform what we build next.

We do not sell your data to third parties, and we do not use your project content or test runs to train our own AI models.

5. Sub-processors we share data with

Anthropic — we send feature descriptions, test cases, and trimmed run reports to Anthropic's API to generate test cases, scripts, and triage summaries. Anthropic does not use API content for training (per their terms).
Clerk — authentication and organisation management.
Neon — managed PostgreSQL for our control-plane database.
Vercel — hosts our console and API.
Cloudflare — DNS, CDN, and static site hosting for our marketing pages.
AWS S3 — stores Playwright HTML reports and run artifacts.
Resend — sends transactional email (welcome emails, run summaries) — used once you enable email notifications.
Stripe — payment processing (only active once you subscribe to a paid tier). Stripe is PCI-DSS Level 1 compliant.

6. Where your data lives

Our primary database and storage are hosted in Singapore (Neon) and us-east-1 (S3). Compute (our serverless functions) runs across Vercel's edge network, with the primary region in iad1 (US East). If you have data-residency requirements, contact us before signing up — enterprise customers can request specific regions.

7. Data retention

Account data is kept for the lifetime of your subscription plus 30 days after cancellation, then deleted.
Test artifacts (HTML reports, screenshots) are kept for 90 days by default; you can extend or shorten this in project settings.
Server logs are kept for 30 days.

8. Your rights

You can, at any time:

Export your projects, test cases, and run data — email us and we'll send a ZIP within 7 days.
Delete your account and all associated data — email us; we delete within 7 days of the request and confirm.
Access what we have on you — same email path.
Object to any processing that you believe is not necessary for service delivery.

If you are in the EU/UK, you also have rights under GDPR (data portability, right to be forgotten, right to lodge a complaint with your local data-protection authority).

9. Cookies

We use only the cookies needed to keep you logged in (Clerk session cookies). We do not use third-party analytics cookies, advertising cookies, or fingerprinting. If this changes (e.g. we add product analytics), this policy will be updated and you will be notified.

10. Security

All data in transit uses TLS 1.2+ (HTTPS everywhere).
Server-side encryption at rest on S3 (AES-256) and Neon (managed Postgres encryption).
Multi-tenant isolation is enforced at the database layer: every query is scoped to your tenant ID.
We do not log credentials or secret values.

11. Children

Testnova is a B2B tool not directed at children. We do not knowingly collect data from anyone under 16.

12. Changes to this policy

If we make material changes (e.g. add a new sub-processor or new data category), we will email account holders at least 14 days before the change takes effect. The "Last updated" date at the top reflects the most recent revision.

13. Contact

Privacy questions, deletion requests, GDPR requests, or anything else: contact@8bits-solutions.com.