Privacy Policy

What we collect and why

Our guiding principle is to collect only what we need.

Identity and access

When you sign up for TestNod, we collect your name and email address. If you sign up via GitHub or Google OAuth, we receive your name, email address, and profile information from the respective provider. We use this information to set up your account and send you essential product communications.

We request only the minimum OAuth scopes necessary. For GitHub, this includes access to your public profile and email address. We do not request access to your private repositories or source code.

We will never sell your personal information to third parties.

Billing information

If you sign up for a paid TestNod plan, you will be asked to provide payment information. Credit card details are submitted directly to our payment processor, Stripe, and never touch TestNod servers. We store a record of the payment transaction, including the last 4 digits of the credit card number, for account history and billing support. We store your billing address to charge for the service, calculate applicable taxes, and send invoices.

Product data

We store the data you upload to TestNod, including JUnit XML test results, CI build metadata, and related analytics data. This is the core of the service. We retain this data for as long as your account is active.

Test result files are uploaded via our GitHub Action or CLI tool and processed through AWS S3 and SQS. The processed analytics data is stored in our application database.

We do not access the content of your test data except as necessary to provide the service (processing, aggregation, analytics, and alerting).

Geolocation data

We log the IP address used to create an account and all subsequent login activity. This data is used for security, fraud prevention, and abuse mitigation. We retain login data for as long as your account is active.

Website analytics

We use Fathom Analytics for website analytics. Fathom is a privacy-focused analytics tool that does not use cookies, does not track users across sites, and does not collect personal information. No personally identifiable information is shared with Fathom.

Cookies

TestNod uses essential cookies only, specifically session cookies required for authentication and application functionality. We do not use third-party tracking cookies or advertising cookies.

Voluntary correspondence

When you contact us with a question or support request, we keep that correspondence, including your email address, so we have context for any future communication.

Third-party subprocessors

We use the following third-party services to operate TestNod:

• Hetzner Cloud — Application hosting and infrastructure (EU)
• AWS S3 / SQS / Lambda — File storage, queue processing, and data processing (EU region)
• Stripe — Payment processing
• Honeybadger — Error monitoring and exception tracking
• Fathom Analytics — Privacy-focused website analytics

We do not share your personal information with any of these services beyond what is necessary for them to perform their function.

When we access or disclose your information

To provide the service. We use the subprocessors listed above to run TestNod. We do not look at your test data except when necessary to debug an issue with your explicit permission, or when required by law.

To troubleshoot with your permission. If we need to access your account data to resolve a support case, we will ask for your consent first.

To investigate abuse. If we have reason to believe an account is being used in violation of our terms, we may investigate. This is a last resort.

Aggregated and de-identified data. We may use aggregated, de-identified data for analytics or to improve the service. This data cannot be traced back to any individual account.

When required by law. If compelled by legal process, we may be required to disclose information. Our policy is to notify affected users before disclosure unless legally prohibited from doing so.

If the business is acquired. If TestNod is acquired by or merges with another company, we will notify you before any personal information is transferred or becomes subject to a different privacy policy.

Your rights

We apply the same data rights to all users regardless of location:

• Right to Know. You have the right to know what personal information we collect and how it is used, as described in this policy.
• Right of Access. You can access the personal information we hold about you.
• Right to Correction. You can request correction of inaccurate personal information.
• Right to Deletion. You can request that we delete your personal information. This may result in closing your account, as the service cannot function without it.
• Right to Restrict Processing. You can request that we restrict how your information is used.
• Right to Portability. You can request a copy of your data in a portable format.
• Right to Object. You can object to how your information is processed in certain situations.
• Right to Complain. You have the right to file a complaint with the appropriate data protection authority.

To exercise any of these rights, contact us at [email protected].

How we secure your data

All data is encrypted in transit via TLS. Database backups are encrypted. We follow standard security practices for a modern web application hosted on managed infrastructure.

We do not store passwords in plain text. If you use email/password authentication, passwords are hashed using a secure one-way hashing algorithm.

Account deletion and data retention

If you delete your account, your data will become inaccessible immediately. All personal information and test data will be permanently purged from our systems within 30 days. Copies in encrypted backups will be purged within an additional 30 days.

We retain your information only for as long as necessary to provide the service. When your account is deleted, we delete your data as described above, except where we are required by law to retain certain records (such as billing information for tax purposes).

Location of data

TestNod's application servers and primary database are hosted in the European Union (Hetzner Cloud). Some data processing occurs through AWS services configured to use EU regions. Payment processing through Stripe may involve data transfer to the United States.

Transferring personal data from the EU

For any transfers of personal data outside the EU, we rely on Standard Contractual Clauses or other appropriate safeguards as required by applicable data protection law.

Changes and questions

We may update this policy to reflect changes in our practices or applicable regulations. If we make significant changes, we will notify users via email.

Questions, comments, or concerns about this policy? Contact us at [email protected].