Legal

Privacy Policy

Last updated: May 2, 2026

Test Dossier is built around a simple promise: your test data is yours. This page explains exactly what we collect, what we don't, and why.

Free, without sign-up

If you use Test Dossier without signing in, your test data — tabs, screenshots, results — is stored entirely in your browser's IndexedDB. None of it is sent to our servers. We can't see it, we couldn't restore it for you, and we can't sell it because we don't have it.

The Pro version (with an account)

If you sign up for Pro, we store the following on Cloudflare infrastructure:

  • Your email address (for login and account recovery)
  • Your test cases, projects, test plans, and history (so they sync across devices)
  • Screenshots you've added to test cases (in Cloudflare R2 storage, scoped to your account)
  • Your subscription status (managed via Lemon Squeezy, our payment processor)

We do not read, mine, sell, or train AI on your test content. We never share your data with third parties except as required to operate the service (Cloudflare for hosting, Resend for sending login emails and comment notifications, Lemon Squeezy for payments, Anthropic for opt-in AI features described below).

AI features (opt-in, Pro-only)

AI features are off by default. When you trigger one — generate-test-from-story, screen-recording extraction, AI coverage review, AI peer review, or AI fixture builder — the relevant text or recording is sent to Anthropic to fulfil that single request. Anthropic does not train its models on inputs sent through their API, and we do not retain your prompts beyond the round-trip needed to return your result.

If you don't use AI features, no test content ever leaves your account.

Team workspaces (Pro)

If you create a workspace and invite teammates, we store: the email addresses you invite, each member's account membership and role (owner / member), and an activity feed recording who edited which test case and when. We also broadcast lightweight presence signals (which test case a teammate is currently viewing) in real time to other members of the same workspace.

Workspace data stays inside the workspace — it is not shared with other workspaces or used for anything besides operating the workspace. Owners can remove members at any time; removed members lose access immediately.

CI ingest (Pro)

If you POST results from your CI pipeline (Cypress, Playwright, JUnit XML, or generic JSON) to /api/ci/ingest, we store: run metadata (build, environment, duration, branch), per-test results (name, status, duration, error messages), and any attachments included in the payload. CI runs land in your project's history alongside manual runs.

The per-project bearer token used to authenticate ingest requests is stored hashed at rest and never displayed again after creation. You can rotate it any time from project settings.

API check (Pro)

The API check tool fires HTTP requests on your behalf from a server-side proxy at /api/proxy. Each request you fire originates from our Cloudflare Worker (User-Agent: TestDossier-APICheck/1.0) and the response is returned to your browser. We do not retain any record of which URLs you fire — the proxy is stateless.

What does get stored, when you click Attach to step:

  • The structured request shape (method, URL, headers, body) — saved to your test case's evidence record alongside the response snippet, latency, and status code.
  • Sensitive header values (Authorization, Cookie, X-API-Key, X-Auth-Token, X-CSRF-Token, Proxy-Authorization) are redacted to *** before being saved. We never store these values on our servers. Header names are preserved so you know what auth method the request used.
  • The response body (truncated to 8 KB) is saved as the evidence snippet. If the response itself contains tokens, they go to our database.
  • An inferred JSON schema of the response (types only, no values) is saved as the drift-detection baseline.
  • A capped per-evidence run history (last 50 runs) recording timestamp, status, latency, and pass/fail per re-run.

Browser-local storage (never sent to our servers):

  • If you tick Remember credentials in this browser, the actual sensitive header values are saved to your browser's localStorage keyed by evidence ID. They live only on this device, never sync across machines, and never travel to our servers or to other workspace members. You can wipe them in one click via the Forget button on any evidence card, or by clearing your browser's site data for testdossier.com.
  • If you tick Keep history in this browser, in-flight runs you haven't yet attached are mirrored to localStorage so they survive page reload. Same scope: this browser only, never synced. Cleared automatically when you click Attach to step.

Trust level: our local credentials cache is similar to the local-mode storage in tools like Postman, Insomnia, and Thunder Client. It is fine for development and staging tokens but not appropriate for production credentials on a shared machine. We recommend using ephemeral tokens for testing.

What the proxy refuses: requests targeting private IP ranges (RFC1918, loopback, link-local, CGNAT, multicast, IPv6 ULA), localhost, .local / .internal / .intranet / .corp hostnames, embedded user:pass credentials in URLs, and known non-HTTP service ports. Redirects are followed manually with each hop re-validated. Response bodies are capped at 2 MB and the request times out after 15 seconds. Per-user rate limit: 30 requests/minute and 500/day.

Shared evidence links — viewers and commenters

When you generate a shareable evidence link, anyone with the link (and password, if you set one) can view it. We don't require viewers to sign in or share any personal information.

For each link you create, we collect the following analytics so you can see how it's being used:

  • View rows: a daily-rotating, non-reversible hash of the viewer's IP, a hash of their browser's User-Agent string, the host portion of the referring page (e.g. slack.com), and the country code Cloudflare reports at our edge. We never store raw IP addresses.
  • Comments: if a viewer leaves a comment on your shared report, we store the name they typed, the optional email they provided (never displayed publicly — only stored so you can reply manually), the comment body, and an approximate country code from Cloudflare's edge. The country is visible only to the share owner during moderation; other public viewers don't see it. The share owner gets an email notification.

You (the share owner) can disable commenting per-share at any time, delete individual comments, or revoke the share entirely — which removes both the link and all associated comments and view rows.

Analytics

We use Cloudflare Web Analytics on our marketing pages and the app to count pageviews. It does not use cookies, does not collect personal information, and does not track you across sites. We don't use Google Analytics or any third-party advertising tracker.

Cookies

The free version uses no cookies. The Pro version uses one essential cookie to keep you logged in (HttpOnly, Secure, SameSite=Lax). No advertising or tracking cookies, ever.

Data retention

If you cancel Pro, your account data remains accessible for 30 days, then is permanently deleted from our servers. You can export your data as JSON at any time.

Test history is append-only. Once a test run is logged, the snapshot itself isn't modified or deleted by Test Dossier automatically. There is no UI control to delete a single run, and projects with logged history can be archived but not permanently deleted. This is intentional: test history is meant to be trustworthy evidence of what was tested and when, so it doesn't quietly disappear under you.

If you free up image storage from your account settings, the image bytes are deleted from our object store but the test run row itself keeps its references. Old screenshots show as unavailable rather than the historical record silently changing.

Your rights

You can request a copy or deletion of your data at any time. The account-settings page has a Download all my data button (JSON export) and a Delete my account action. For requests we can't satisfy through the UI, email support@testdossier.com — we respond within 7 days.

What account deletion removes: your email address, login sessions, personal projects (and their tabs, runs, and shares), saved preferences, and your subscription identifiers.

What account deletion preserves and why: test runs you logged inside a team workspace stay with that workspace. The system identifiers connecting those rows to you — your user id, your email — are removed, so “logged by” appears blank to other members. The structural record of what was tested, when, and with what result remains in the team's audit trail. This is what makes shared workspace history usable for compliance, audits, and post-incident reviews. If you contributed to a workspace and want additional content reviewed for redaction, email support and we'll handle it case by case.

Contact

Questions about privacy? Email support@testdossier.com.