← Back to TC Manager
1. Introduction
[COMPANY_NAME] ("we", "us", "our") operates TC Manager, a SaaS test case management platform ("the Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
By using the Service, you consent to the data practices described in this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.
2. Information We Collect
2.1 Information You Provide
- Account information: Name, email address, password (hashed), and organization name when you create an account.
- Billing information: Payment card details and billing address are collected and processed by our payment provider, Stripe. We do not store your full card number on our servers.
- Content data: Test cases, test plans, test results, attachments, comments, and any other content you create or upload to the Service.
- Communications: Information you provide when you contact us for support, send us emails, or participate in surveys.
2.2 Information Collected Automatically
- Log data: IP address, browser type and version, operating system, referring URL, pages visited, time and date of visit, and time spent on pages.
- Device information: Device type, screen resolution, and unique device identifiers.
- Usage data: Features used, actions taken, frequency and duration of activities within the Service.
3. How We Use Your Information
We use the information we collect for the following purposes:
- Provide and maintain the Service: Including account management, authentication, data storage, and delivering the features you use.
- Process payments: To bill you for paid subscriptions and manage your billing account.
- Communicate with you: To send transactional emails (account verification, password resets, billing receipts), respond to support inquiries, and provide service-related announcements.
- Improve the Service: To understand how users interact with the Service, identify trends, and develop new features.
- Ensure security: To detect, prevent, and address fraud, abuse, security issues, and technical problems.
- Comply with legal obligations: To meet applicable legal, regulatory, or contractual requirements.
4. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to operate and improve the Service:
| Cookie Type |
Purpose |
Duration |
| Essential |
Authentication, session management, security (CSRF protection) |
Session / up to 30 days |
| Functional |
Remembering your preferences and settings |
Up to 1 year |
| Analytics |
Understanding usage patterns and improving the Service |
Up to 2 years |
You can control cookies through your browser settings. Disabling essential cookies may affect the functionality of the Service.
5. Third-Party Services
We use the following third-party services that may collect or receive your information:
- Stripe (payment processing): Processes your payment information securely. See Stripe's Privacy Policy.
- Analytics provider (e.g., Plausible, PostHog, or Google Analytics): Collects anonymized or pseudonymized usage data to help us understand how the Service is used. We prefer privacy-focused analytics tools that do not use third-party cookies.
- Email service provider (e.g., Resend): Processes transactional emails on our behalf.
- Hosting/infrastructure providers: Our servers and databases are hosted by third-party infrastructure providers that process data on our behalf under strict data processing agreements.
We do not sell your personal information to third parties.
6. Data Retention
- Active accounts: We retain your data for as long as your account is active and as needed to provide the Service.
- Cancelled accounts: After cancellation, your data is retained in a read-only state for 30 days, after which it may be permanently deleted.
- Deleted accounts: Upon account deletion request, we will delete or anonymize your personal data within 30 days, except where we are required by law to retain it.
- Backups: Copies of your data may persist in encrypted backups for up to 90 days after deletion before being purged.
- Legal obligations: We may retain certain data as required to comply with legal obligations, resolve disputes, and enforce our agreements.
7. Your Rights Under GDPR (EEA/UK Users)
If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR):
- Right of access: Request a copy of the personal data we hold about you.
- Right to rectification: Request correction of inaccurate or incomplete personal data.
- Right to erasure: Request deletion of your personal data ("right to be forgotten").
- Right to restrict processing: Request that we limit the processing of your personal data.
- Right to data portability: Request your data in a structured, commonly used, machine-readable format.
- Right to object: Object to the processing of your personal data for certain purposes.
- Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time.
Our legal basis for processing your data includes: performance of a contract (providing the Service), legitimate interests (improving the Service, ensuring security), consent (where explicitly given), and compliance with legal obligations.
To exercise any of these rights, contact us at [CONTACT_EMAIL]. We will respond within 30 days.
8. Your Rights Under CCPA (California Users)
If you are a California resident, the California Consumer Privacy Act (CCPA) grants you the following rights:
- Right to know: Request information about the categories and specific pieces of personal information we have collected, the sources, purposes, and third parties with whom we share it.
- Right to delete: Request deletion of your personal information, subject to certain exceptions.
- Right to opt-out: Opt out of the "sale" of your personal information. We do not sell personal information.
- Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights.
To exercise your CCPA rights, contact us at [CONTACT_EMAIL]. We will verify your identity before processing your request and respond within 45 days.
9. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encryption of data in transit (TLS/HTTPS) and at rest.
- Secure password hashing using industry-standard algorithms.
- Regular security assessments and monitoring.
- Access controls limiting employee access to personal data on a need-to-know basis.
- Automated backups with encryption.
While we strive to protect your personal data, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security.
10. Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal data from a child under 18, we will take steps to delete that information promptly.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [CONTACT_EMAIL].
11. International Data Transfers
Your information may be transferred to and processed in countries other than the country in which you reside. These countries may have data protection laws that are different from the laws of your country.
Where we transfer data outside the EEA/UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission or other legally recognized transfer mechanisms.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date at the top.
For material changes, we will also attempt to notify you via email or through a prominent notice within the Service at least 15 days before the changes take effect.
We encourage you to review this Privacy Policy periodically for any changes. Your continued use of the Service after the revised policy takes effect constitutes your acceptance of the changes.
13. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:
Email: [CONTACT_EMAIL]
[COMPANY_NAME]
For GDPR-related inquiries, you may also lodge a complaint with your local data protection authority.