Privacy Policy

1. Information We Collect

We collect information you provide directly, such as account details, workspace details, submitted URLs, flow descriptions, test credentials, support messages, billing metadata, and API requests.

We also collect technical information generated by use of the service, including audit events, browser-run logs, report metadata, device and browser information, IP address, approximate location, timestamps, pages viewed, and interactions with the product.

2. Website and Product Analytics

Prufa may use PostHog for product analytics, web analytics, feature usage analysis, debugging, and product improvement. PostHog may help us understand pages viewed, buttons clicked, feature usage, browser and device context, referrers, approximate location derived from IP address, account or workspace identifiers, and similar usage events.

If session replay is enabled, PostHog may record page interactions so we can debug problems and improve user flows. We intend to use masking and exclusion controls for sensitive fields, but you should not enter secrets, payment card numbers, personal credentials, or other sensitive information into Prufa unless the product specifically asks for test credentials or we have agreed otherwise in writing.

3. Cookies and Similar Technologies

We and our service providers may use cookies, local storage, and similar technologies to keep you signed in, protect the service, remember preferences, measure product usage, and understand whether pages and features work as intended. You can control cookies through your browser settings, although disabling them may break account or dashboard features.

4. How We Use Information

We use information to provide and secure Prufa, run audits and monitors, render reports, authenticate users, process payments, provide support, debug errors, improve product quality, prevent abuse, comply with legal obligations, and communicate service updates.

5. How We Share Information

We do not sell personal information. We may share information with service providers that help operate Prufa, including infrastructure, authentication, analytics, browser execution, payments, email, and error monitoring providers. We may also disclose information if required by law, to protect rights and safety, or as part of a merger, acquisition, or similar business transaction.

6. Reports and Submitted URLs

When you submit a URL for an audit, Prufa visits that URL and may store findings, screenshots or thumbnails, network and console evidence, page metadata, timestamps, and the generated report. Free reports are intended to be unlisted and noindex by default, but anyone with the report URL may be able to view the report.

7. Test Credentials

If you provide test credentials for authenticated flows, we use them to run the checks you configure. You should use limited-scope test accounts rather than personal, production, administrator, or shared human credentials.

8. Data Retention

We keep information for as long as needed to provide the service, maintain audit history, meet legal obligations, resolve disputes, enforce agreements, and improve reliability. Retention periods may vary by data type, plan, and product surface.

9. Security

We use administrative, technical, and organizational safeguards designed to protect information. No internet service can be guaranteed perfectly secure, so you should use limited-scope credentials and avoid submitting sensitive production data unless necessary and expressly supported.

10. Your Choices

You may request access, correction, deletion, or export of your personal information by contacting us. You may also disconnect integrations, delete API keys, cancel monitors, change browser cookie settings, or stop using the service.

11. International Use

Prufa may process information in countries other than where you live. When information is transferred internationally, we use appropriate safeguards where required by applicable law.

12. Changes to This Policy

We may update this policy by posting a revised version on this page. The updated policy applies from the effective date shown above, unless a different date is stated.

13. Contact

Privacy questions and requests can be sent to privacy@prufa.dev.