LEGAL CENTER

Privacy Policy

Updated: 11 April 2025

Introduction

This Privacy Policy should be read in conjunction with our Terms of Service - together they form our agreement with you.

This page lays out our commitment to data protection and makes transparent what data we collect about our users and customers. This page also describes how you can access, update or delete this information.

When we say “Testpad”, “Company”, “we”, “our”, or “us” in this document, we are referring to Testpad Limited, a company registered in England and Wales with company number 07670236.

When we say “Service” or “Services”, we mean our app (including any free, anonymous, trial or paid account) and our websites, including the services, product, and content found on testpad.com and any sub-domains (including [yourdomain].testpad.com).

When we say “You” or “your”, we are referring to the people or organizations that use any of our sites or services, including people or organizations that have been invited to use someone else’s company account.

GDPR and CCPA

We are committed to privacy and data protection, including the requirements set out by the United Kingdom General Data Protection Regulation (“UK GDPR”), the EU General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”).

In order to provide our Services to you or Authorized Users, we collect and process some of your personal data. As a data processor (in GDPR terminology), such collection and processing will always be in accordance with this Privacy Policy.

We use third party vendors and hosting partners to provide the necessary hardware, software, networking, storage, and related technology required to run the Services. You can see a list of the subprocessors who handle personal data for us.

Under the CCPA, we are a “service provider”, not a “business” or “third party”, with respect to your use of the Services. That means we process any data you share with us only for the purpose you signed up for and as described in this Privacy Policy and our Terms of Service.

We do not retain, use, disclose, or sell any of that information for any other commercial purposes unless we have your explicit permission. Where applicable, you agree to comply with your requirements under the CCPA and not use our Services in a way that violates the regulations.

These Terms incorporate the Data Processing Agreement (DPA) when the GDPR or UK GDPR applies to your use of our Services to process Customer Data as defined in the DPA. The DPA linked above supersedes any previously agreed data processing addendum between you and Testpad relating to your use of our Services.

Principles

Privacy is very important to us.

We only collect the minimum amount of personal information necessary to fulfill the purpose of your interaction with us; we keep it only for as long as we have valid reasons to keep it; and we never sell or rent it to third parties.

We won't share your personal information or project data with anyone except to comply with the law, develop and monitor our products, or protect our rights.

You retain all rights to, and we respect the confidentiality of, all the project data you store on the Services.

Testpad is compliant with the EU General Data Protection Regulation (GDPR) that is in effect from 25 May 2018 as updated from time to time.

What data we collect and store

Testpad collects and stores your name and email address when you sign up for the Services.

Testpad collects limited cookies, as detailed in our Cookie Policy.

Testpad stores project data submitted to us as part of the Services, mainly consisting of test cases and test results.

If you send us an email to an address that ends in '@testpad.com', use one of the in-app contact forms, or use one of the online forms on our website testpad.com, or send us a crash report, we collect and store your name and email address and any additional information and documents you send us in your correspondence.

If you become a paying customer, all data required for payments - including your name, address and credit card information or other payment method details - are supplied to FastSpring on web pages served by FastSpring servers on behalf of Testpad. We do not directly process or store any personal data relating to payment details. You can refer to FastSpring’s GDPR compliance here.

What we use this data for

We use the data we collect to:

  • Provide and run our Services, including identification, authentication and monitoring.
  • Derive aggregated, anonymized, statistics and performance metrics.
  • Maintain, analyze, and improve the Services.

If you are a registered user of Testpad, we will use your email address to send you emails essential to your use of the Services, for example when assigning Test Runs, when inviting new users to join your account, or notice of service renewals. The only way to opt out of these emails is to unsubscribe from the Services and delete your account.

We will also send registered users of Testpad emails during the free trial period to help them get started with the Testpad application. You can opt out of non-essential emails in this by using links in the footer.

We may also occasionally send you an email to help you with your use of our Services, to tell you about new features, solicit your feedback, or just keep you up to date with what's going on with Testpad and our products. These emails include an unsubscribe link which you can use to stop receiving all non-essential communication.

As you would expect of any business, we share transaction data with our accountants and with the relevant tax authorities when we pay VAT and file tax returns.

What we will and won't disclose

We will never disclose personally identifying (or potentially personally identifying) information about you, or your project data, unless:

  • It is to our employees, contractors, or affiliated organizations that (i) need to know that information in order to process it on Testpad’s behalf or to provide the Services, (ii) that have agreed not to disclose it to others, and (iii) that are themselves GDPR compliant. Some of these employees, contractors, and affiliated organizations may be located outside of your home country; by using Testpad’s websites, you consent to the transfer of such information to them.
  • We have your permission.
  • We are required to do so by law.
  • We believe in good faith that disclosure is reasonably necessary to protect the rights of Testpad, third parties or the public at large.

Testpad will not rent or sell potentially personally-identifying and personally-identifying information to anyone.

We may share with other organizations, or make public, aggregated anonymous data derived from our stored data or statistics.

If you send us a message or request (for example via a support email or via one of our feedback mechanisms), we reserve the right to publish it in order to help us clarify or respond to your request or to help us support other users. Such publication will not disclose personally-identifying information, unless such information is intrinsic to the medium (for example, including a twitter handle when re-tweeting on twitter).

You can find information on how we keep your data safe on our 3. Security & Trust Center page.

Where data is stored

We rely on best-in-class third-party services to store your data securely. Here's the list of our vendors we use, and links to their privacy policies:

  • Amazon Web Services. Testpad’s Service is hosted on Amazon's cloud platform (AWS) and all Testpad-stored data is stored on AWS databases, server instances and S3.
  • Google Analytics. We use Google Analytics to monitor and track the performance of the Services. As you browse the Testpad website and/or make use of the Service, your browser will generate usage statistics that will be transmitted to and stored by Google Analytics. We may also use other analytics services from time to time, for similar purposes to Google Analytics.
  • Fastspring. We use FastSpring as a payment processor to handle payments. All the data required for payments, including name, address and credit card information or other payment method details, are supplied to FastSpring on web pages served by FastSpring servers on Testpad’s behalf. We do not therefore process or store any personal data relating to payment details. You can also refer to FastSprings GDPR compliance.
  • Datadog. Infrastructure and application monitoring. We use Datadog to monitor our Services for issues and security.
  • Help Scout. We use Help Scout to log customer queries and help requests. Email addresses, your name and any request details you enter on our Services will be shared with and stored by HelpScout
  • Userlist. We use the email-automation services provided by Userlist.io to send emails to registered users of our Service. Email addresses will be shared with and stored by Userlist.io for the sending of emails on Testpad's behalf.
  • Postmark. We use the email-delivery service Postmark (an ActiveCampaign company) to send transactional emails to registered users of our Service. As for all clients of Postmark, this means email addresses will be shared with and stored by Postmark for the sending of emails. You can also refer to Postmark's EU Data Protection information.
  • CookieYes. If you are located in the European Union, we use CookieYes to manage your cookie consent preferences.
    Access

Registered users of the Service can view and edit their personal data stored by Testpad using the Service itself.

Registered users of the Service, who are the account owner of a team account, can download all the data that Testpad stores for their account as a ZIP file of CSV data using the Account Export feature.

Subscribers of the Service can contact FastSpring, Postmark (ActiveCampaign), or Userlist.io directly to request a copy of their personal data that these services are storing. Alternatively, subscribers of the Service can make such requests to Testpad and we will ask for this data on their behalf.

Deletion

Users of the Service can unsubscribe and delete their accounts if they wish Testpad to delete their personal data. Alternatively, users can make a request to Testpad that this data be deleted, in which case Testpad will delete their Testpad Account (and all associated test plan/result data) for them.

When an account is deleted, email addresses may be retained by Testpad for possible future communications, such as notification of new features or services. If a user wishes to not receive such communication, they can use the unsubscribe link contained in all such communications. Email recipients who have unsubscribed will be stored by Testpad (and/or the relevant email processing third party, e.g. Postmark) so they can be identified as an email address that does not wish to receive further communications.

If a user would prefer to be completely forgotten, then they can make a direct request of Testpad who will ensure that both Testpad and any third parties delete their data. Such users might then receive future communication if they later (re)provide their email address.

Cookies

Cookie details can be found in our Cookie Policy.

Business Transfers

If Testpad, or substantially all of its assets were acquired, or in the unlikely event that Testpad goes out of business or enters bankruptcy, user information would be one of the assets that is transferred to or acquired by a third party. You acknowledge that such transfers may occur, and that any acquirer of Testpad may continue to use your personal information as set forth in this policy.

Privacy Policy Changes

Testpad may change its Privacy Policy from time to time, and at Testpad’s sole discretion. Testpad encourages visitors to frequently check this page for any changes to its Privacy Policy. Your continued use of this site after any change in this Privacy Policy will constitute your acceptance of such change.

Green square with white check