Privacy Policy

Last updated: March 30, 2026

1. What We Collect

We collect the following information when you use Regresco:

  • Account information — email address, name, authentication data
  • Project data — project names, staging URLs, encrypted test credentials, flow definitions
  • Test results — run statuses, step results, failure classifications, screenshots, Playwright traces
  • Usage data — run counts, plan information, API key usage

2. How We Use Your Data

  • Provide and operate the testing service
  • Execute test flows against your staging environments
  • Store and display test results, screenshots, and traces
  • Enforce usage limits and manage your account
  • Send service-related communications

3. What We Do Not Do

  • We do not sell your data to third parties
  • We do not use your test data for advertising
  • We do not access your staging environments outside of scheduled test runs
  • We do not store unencrypted credentials
  • We do not train AI models on your project data

4. Data Storage and Security

  • Account and project data is stored in PostgreSQL hosted via Supabase
  • Test artifacts (screenshots, traces) are stored in Supabase Storage
  • Staging credentials are encrypted with AES-256-GCM at rest
  • All data transfer is encrypted via HTTPS/TLS
  • API keys are shown only once at generation

5. Data Retention

Your data is retained for as long as your account is active. Test artifacts may be automatically deleted after 90 days to manage storage. Upon account deletion, all your data is permanently deleted within 30 days.

6. Third-Party Services

We use the following third-party services:

  • Supabase — authentication, database, file storage
  • xAI (Grok) — AI-powered test plan generation (your staging URL and page structure may be sent for analysis when you use AI Generate)

Each service has its own privacy policy. We only share the minimum data necessary for each service to function.

7. Cookies

We use essential cookies for authentication session management. We do not use tracking cookies, analytics pixels, or third-party advertising cookies.

8. Your Rights

  • Access your data through the product dashboard
  • Export your project and flow definitions
  • Delete your account and all associated data
  • Request information about what data we hold about you

9. Children

The Service is not intended for use by individuals under 16 years of age. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. Continued use of the Service after changes constitutes acceptance.

11. Contact

For privacy-related questions, contact us at [email protected].