Privacy Policy

Last updated: March 30, 2026

Data Controller

Regresco is operated by Webihooldus OÜ (registered in Estonia, registry code 16567111). For GDPR purposes, Webihooldus OÜ is the data controller for personal data collected through the Service. For any privacy-related requests, contact us at hi@regresco.com.

1. What We Collect

We collect the following information when you use Regresco:

  • Account information: email address, name, authentication data
  • Project data: project names, staging URLs, encrypted test credentials, flow definitions
  • Test results: run statuses, step results, failure classifications, screenshots, Playwright traces
  • Usage data: run counts, plan information, API key usage

2. How We Use Your Data

  • Provide and operate the testing service
  • Execute test flows against your staging environments
  • Store and display test results, screenshots, and traces
  • Enforce usage limits and manage your account
  • Send service-related communications

3. What We Do Not Do

  • We do not sell your data to third parties
  • We do not use your test data for advertising
  • We do not access your staging environments outside of scheduled test runs
  • We do not store unencrypted credentials
  • We do not train AI models on your project data

4. Data Storage and Security

  • Account and project data is stored in PostgreSQL hosted via Supabase
  • Test artifacts (screenshots, traces) are stored in Supabase Storage
  • Staging credentials are encrypted with AES-256-GCM at rest
  • All data transfer is encrypted via HTTPS/TLS
  • API keys are shown only once at generation

5. Data Retention

Your data is retained for as long as your account is active. Test artifacts may be automatically deleted after 90 days to manage storage. Upon account deletion, all your data is permanently deleted within 30 days.

6. Third-Party Services

We use the following third-party services:

  • Supabase: authentication, database, file storage
  • xAI (Grok): test plan and flow generation (your staging URL and page structure may be sent for analysis when you use AI features)
  • Stripe: payment processing for paid plans (we do not store card details)
  • Resend: transactional email delivery (run notifications)
  • Plausible Analytics: privacy-friendly, cookieless analytics that aggregates anonymous page views. No personal data, no cross-site tracking, no cookies set

Each service has its own privacy policy. We only share the minimum data necessary for each service to function.

7. Cookies

Essential cookies: used for authentication session management. These are required for the Service to function and do not require consent.

Analytics: we use Plausible Analytics, which is cookieless by design. No cookies are set, no personal data is collected, no cross-site tracking. We do not use advertising cookies or sell data to advertisers.

8. Your Rights

  • Access your data through the product dashboard
  • Export your project and flow definitions
  • Delete your account and all associated data
  • Request information about what data we hold about you

9. Children

The Service is not intended for use by individuals under 16 years of age. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. Continued use of the Service after changes constitutes acceptance.

11. Contact

For privacy-related questions, contact us at hi@regresco.com.