Privacy Policy

// Version 1.0 — Effective April 2026

This Privacy Policy explains how Sana Ventures Studio SL ("Company", "we", "us", or "our") collects, uses, and protects your personal data when you use TestPilot ("Service"). We are committed to complying with the EU General Data Protection Regulation (GDPR) and Spanish data protection law (LOPDGDD).

1. Data Controller

Sana Ventures Studio SL
Madrid, Spain
Contact: hello@testpilotapp.dev

2. Data We Collect

Data	Why we collect it	Legal basis	Retention
Email address	Account creation, authentication via magic link, service communications	Contract performance	Until account deletion
Plan / subscription status	Feature access control, billing management	Contract performance	Until account deletion
Test run history	Test results, bug reports, screenshots you generate	Contract performance	Up to 500 most recent runs
App URLs and credentials	Required to perform tests you request. Credentials are used only during active test sessions and are not permanently stored.	Contract performance	Session only
Claude API key	Required to execute AI-powered tests. Stored only in your browser's local storage — never on our servers.	Contract performance	Browser local storage only
Terms acceptance	Legal compliance record	Legal obligation	Until account deletion
Last login timestamp	Security and account management	Legitimate interest	Until account deletion
Traffic logs	Analytics — page visits, referral source (no personal identifiers)	Legitimate interest	90 days rolling

3. Data We Do NOT Collect

• We do not collect payment card details (handled by Stripe directly)
• We do not store your Claude API key on our servers
• We do not permanently store login credentials you provide for testing
• We do not sell your data to third parties
• We do not use your data for advertising purposes

4. Third-Party Services

Service	Purpose	Data shared
Supabase	Database hosting (EU region)	Email, plan, test history
Stripe	Payment processing	Email, payment details (we never see card numbers)
Resend	Transactional email	Your email address, email content
Anthropic	AI processing via your own API key	Test scenarios, screenshots (sent via your key)
Microsoft Clarity	Session recording and heatmaps	Anonymized browsing behavior
Microsoft Azure	Server hosting (EU — Ireland region)	All service data

5. Your Rights Under GDPR

As an EU resident, you have the following rights regarding your personal data:

• Right of access — Request a copy of all data we hold about you
• Right to rectification — Request correction of inaccurate data
• Right to erasure — Request deletion of your account and all associated data
• Right to restriction — Request we limit how we process your data
• Right to portability — Receive your data in a machine-readable format
• Right to object — Object to processing based on legitimate interest
• Right to withdraw consent — Where processing is based on consent

To exercise any of these rights, contact us at hello@testpilotapp.dev. We will respond within 30 days.

You also have the right to lodge a complaint with the Spanish data protection authority: Agencia Española de Protección de Datos (AEPD) at www.aepd.es.

6. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

• HTTPS encryption for all data in transit
• Row-Level Security on all database tables
• Session-based authentication with short-lived magic links
• API key isolation — your Claude key never leaves your browser

7. Data Retention

We retain your personal data for as long as your account is active. If you request account deletion, we will delete your data within 30 days, except where we are required to retain it by law.

8. Cookies

TestPilot uses the following:

• tpsession — Authentication cookie, HttpOnly, expires in 30 days. Required for the Service to function.
• Microsoft Clarity — Session recording cookies for analytics. You may opt out via your browser settings.

9. Children

TestPilot is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has provided us with personal data, contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes by requiring re-acceptance within the Service. The version number and effective date will be updated accordingly.

11. Contact

For privacy-related inquiries: hello@testpilotapp.dev
Sana Ventures Studio SL — Madrid, Spain

← Back to TestPilot