This Privacy Policy explains what information TestForge collects, how we use it, how we store it, and what rights you have regarding your data.
TestForge ("we", "us", "our") operates the testforge.in platform ("Platform"). This Privacy Policy describes our practices regarding the collection, use, and protection of information when you use our Platform.
By creating an account and using TestForge, you consent to the data practices described in this policy. This policy should be read alongside our Terms & Conditions.
Our approach: TestForge is designed with a local-first architecture. The Platform executes test operations within your browser environment. We collect only the data necessary to provide account management, organization collaboration, and platform functionality.
We collect the following categories of information when you use the Platform:
When you register, we collect:
If you create or join an organization, we collect:
As you use the Platform, we may store:
When you use the API Lab, we may store request configurations (URLs, headers, methods) as part of your saved collections. We do not store API response data from third-party systems on our servers — responses are processed locally in your browser.
| Data Category | Stored Where | Purpose |
|---|---|---|
| Account credentials | Supabase / localStorage | Authentication |
| Organization membership | Supabase / localStorage | Team collaboration |
| Test configurations | localStorage / Supabase | Platform functionality |
| Execution history | localStorage | Insights & diagnostics |
| Notifications | Supabase | Team communication |
| Session state | sessionStorage | Authentication persistence |
We use the information we collect for the following purposes:
We do not: sell your data to third parties, use your data for advertising, or share your testing data with other users outside your organization.
Data created within an organization context (test suites, API collections, workboard items) is scoped to that organization. Members of an organization may have access to shared data based on their assigned role and permissions.
TestForge uses browser-based storage mechanisms (localStorage and sessionStorage) for certain data persistence. This data remains on your device and is not transmitted to our servers unless explicitly synced through Platform features.
When connected to our cloud infrastructure, data such as account credentials, organization memberships, and notification records is stored on Supabase, a third-party database and authentication provider. Supabase stores data in managed PostgreSQL databases.
The Platform uses Supabase's realtime capabilities for delivering notifications and enabling collaboration features. Realtime data is transient and processed in-memory for delivery purposes.
Test execution logs, insight records, and workflow history are stored primarily in browser localStorage. These records are associated with your account and organization context.
We retain your data for as long as your account is active or as needed to provide Platform services. If you delete your account, we will make reasonable efforts to remove your personal data from our active systems, subject to technical feasibility and legal requirements.
Transparency: TestForge does not use tracking cookies, advertising cookies, or third-party analytics cookies. We use only browser storage APIs (localStorage and sessionStorage) for functional purposes.
| Storage Key | Type | Purpose |
|---|---|---|
tf_session |
sessionStorage | Current authentication session |
tf_theme |
localStorage | Theme preference (dark/light) |
tf_users |
localStorage | User account data (local fallback) |
tf_orgs |
localStorage | Organization data (local fallback) |
tf_notification_prefs |
localStorage | Notification channel preferences |
When authenticated through Supabase, the Supabase client library may store authentication tokens in localStorage using keys prefixed with sb-. These tokens are used solely for maintaining your authenticated session with the Supabase backend.
We do not use cookies or any local storage mechanism for tracking, advertising, or behavioral profiling. All stored data serves a direct functional purpose for Platform operation.
We implement reasonable security measures to protect your data. These measures include:
TestForge enforces a deny-by-default role-based access control (RBAC) system. Every action within the Platform is gated by permissions tied to the user's assigned role (Owner, Manager, Tester). Permissions are checked both at the UI level and in data access logic.
Data created within an organization is scoped to that organization. Users cannot access data belonging to other organizations unless they are members with appropriate permissions.
The Platform supports authentication through Supabase Auth (email/password) with session-based access management. Passwords are not stored in plaintext.
The Platform is served with security headers including X-Content-Type-Options, X-Frame-Options, and X-XSS-Protection to mitigate common web vulnerabilities.
Honest assessment: While we implement reasonable security measures, no system is completely secure. We do not guarantee absolute security of your data. We encourage you to use strong, unique passwords and to safeguard your account credentials.
TestForge uses the following third-party services as part of its infrastructure:
| Service | Purpose | Data Shared |
|---|---|---|
| Supabase | Database, authentication, realtime | Account data, organization data, notifications |
| Google Fonts | Typography (Inter, JetBrains Mono) | Standard font loading request (IP address) |
| Formspree | Contact form processing | Contact form submissions (name, email, message) |
| Vercel | Hosting & deployment | Standard web server access logs |
Each third-party service operates under its own privacy policy. We encourage you to review their respective policies:
We do not currently integrate third-party analytics, advertising networks, or payment processing services.
You have the following rights regarding your data:
You may request deletion of your account by contacting us at hello@testforge.in. Upon account deletion, we will remove your personal data from our active systems. Data associated with organization workspaces may be retained for the organization's operational purposes.
You may request a copy of the personal data we hold about you. We will respond to data access requests within a reasonable timeframe.
You can update your account information (display name, email) through the Platform's profile settings. For changes that cannot be made through the Platform, contact us directly.
Organization owners have administrative control over their organization's data, including the ability to manage members, control access, and manage workspace content. If you are a member of an organization and wish to have your data removed, contact your organization's owner or reach out to us.
Data stored in your browser's localStorage and sessionStorage can be cleared directly through your browser settings. Clearing browser data will remove locally-stored Platform data from your device.
TestForge is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information promptly.
If you believe we have inadvertently collected information from a child under 16, please contact us immediately at hello@testforge.in.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will:
Your continued use of the Platform after changes to this policy constitutes your acceptance of the updated policy. We encourage you to review this policy periodically.
If you have any questions about this Privacy Policy, your data, or your rights, please contact us:
We will respond to all privacy-related inquiries within a reasonable timeframe.
TestForge