Preflight Logo
Get Started

Privacy Policy

Last updated: December 17, 2025

1. Information We Collect

We collect information that you provide directly to us, including:

  • Account information: Name, email address (we use passwordless authentication via magic links and OTP codes)
  • Profile information: Company name, role, preferences
  • Usage data: Test plans, test results, screenshots, and notes
  • Communication data: Messages, feedback, and support requests

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our Service
  • Process transactions and send related information
  • Send technical notices, updates, and support messages
  • Respond to your comments and questions
  • Analyze usage patterns and trends
  • Detect, prevent, and address fraud and security issues
  • Comply with legal obligations

3. Information Sharing

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following circumstances:

  • Service providers: Third-party vendors who perform services on our behalf
  • Business transfers: In connection with a merger, acquisition, or sale of assets
  • Legal requirements: When required by law or to protect our rights
  • With your consent: When you explicitly agree to share information

4. Subprocessors and Data Partners

We use the following third-party service providers ("subprocessors") to help us provide our services. These providers have access to certain personal information only to perform specific tasks on our behalf, are obligated to protect your information, and are bound by data processing agreements that comply with GDPR and other privacy regulations.

Infrastructure & Hosting

  • Vercel Inc. - Application hosting and deployment (United States)
  • Google Cloud Platform - Database hosting and session storage (United States)

Storage & CDN

  • Cloudflare R2 - File storage for uploads and evidence (Global)

Communications

  • Resend - Authentication emails (magic links, OTP codes) and transactional email delivery (United States)

AI Services

  • Google AI (Gemini) - AI-powered test generation (United States)

Important: Your feature descriptions and test data are not used to train AI models or shared with other customers. We use enterprise APIs with data protection guarantees.

Real-Time Features

  • Pusher - Real-time collaboration and presence (United States)

Performance Monitoring

  • Vercel Speed Insights - Performance metrics and Core Web Vitals monitoring (United States)

Note: This only collects anonymous performance data (page load times, Web Vitals), not behavioral analytics or user tracking.

Optional Integrations (User-Initiated)

The following services are only accessed when you explicitly connect them to your account:

  • Linear - Issue tracking integration
  • Figma - Design context extraction
  • Atlassian Jira - Issue tracking integration

What We Don't Share

  • We do not sell your personal information to third parties
  • We do not use your test data or feature descriptions for marketing purposes
  • We do not share your data with other Preflight users
  • We do not train AI models on your proprietary information

We regularly review our subprocessors and will update this list as our service providers change. For questions about our subprocessors, please contact us at hello@preflightqa.xyz.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

  • Encryption of data in transit and at rest
  • Regular security assessments and audits
  • Access controls and authentication requirements
  • Employee training on data protection practices

6. Data Retention

We retain your information for as long as your account is active or as needed to provide you services. We will retain and use your information as necessary to comply with legal obligations, resolve disputes, and enforce our agreements.

7. Your Rights

You have the right to:

  • Access: Request a copy of your personal information
  • Correct: Update or correct inaccurate information
  • Delete: Request deletion of your personal information
  • Export: Receive your data in a portable format
  • Opt-out: Unsubscribe from marketing communications
  • Object: Object to certain processing of your data

8. Cookies and Tracking

We use minimal cookies to provide our Service:

Essential Cookies

  • session - Secure authentication cookie (HTTP-only, encrypted, expires after 7-30 days based on your preference)
    • Purpose: Keeps you logged in
    • Type: First-party, essential for service functionality

What We Don't Use

  • Marketing or advertising cookies
  • Third-party tracking cookies
  • Analytics cookies
  • Social media cookies

You can delete the session cookie through your browser settings, but this will log you out and you'll need to sign in again. Our Service requires this cookie to function.

Performance Monitoring: We collect anonymous, aggregated performance metrics (page load times, Core Web Vitals) through Vercel Speed Insights. This data does not identify individual users and is used solely to improve application performance.

9. Third-Party Services

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies.

10. Children's Privacy

Our Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

11. International Data Transfers

Your information may be transferred to and maintained on servers located outside of your country. We take steps to ensure that your data is treated securely and in accordance with this Privacy Policy.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

13. Contact Us

If you have any questions about this Privacy Policy, please contact us at:

Email: privacy@preflightqa.xyz

For data protection inquiries: dpo@preflightqa.xyz