Privacy Policy

1. Introduction

Welcome to EZTest. We are committed to protecting your privacy and ensuring transparency about how we handle data. This Privacy Policy explains our practices regarding data collection, use, and protection in our self-hosted test management platform.

Important Note: EZTest is designed as a self-hosted solution. When you deploy EZTest on your own infrastructure, you maintain complete control over your data. This policy primarily addresses the open-source project and any official instances we may operate.

2. Self-Hosted Architecture

EZTest is built to be self-hosted, meaning:

• You install and run EZTest on your own servers or infrastructure
• All data remains within your environment and under your control
• We (the EZTest developers) do not have access to your instance's data
• You are the data controller for any data processed by your EZTest instance
• You are responsible for implementing appropriate security measures for your deployment

3. Information Collection

3.1 Data Stored in Your EZTest Instance

When you use your self-hosted EZTest instance, the following types of data are stored in your local database:

• Account Information: Name, email address, password (hashed), profile details
• Project Data: Project names, descriptions, settings, and configurations
• Test Cases: Test case details, descriptions, steps, expected results
• Test Suites: Test suite organization and structure
• Test Runs: Execution history, results, and associated metadata
• Team Information: User roles, permissions, and project memberships
• Usage Metadata: Timestamps, activity logs, and system-generated data

4. How Information Is Used

4.1 Within Your Self-Hosted Instance

Your EZTest instance uses data to:

• Provide test management functionality
• Enable team collaboration and project management
• Generate reports and analytics for your testing activities
• Authenticate users and manage access controls
• Send email notifications (if configured by your instance administrator)

4.2 Open Source Development

Aggregated, anonymized data from opt-in telemetry (if implemented) may be used to:

• Improve software features and performance
• Identify and fix bugs
• Understand feature usage patterns
• Guide product development priorities

5. Data Storage and Security

5.1 Your Responsibility

As a self-hosted solution, you are responsible for:

• Securing your infrastructure and database
• Implementing appropriate access controls
• Maintaining regular backups
• Ensuring HTTPS/TLS encryption for data in transit
• Complying with applicable data protection regulations (GDPR, CCPA, etc.)
• Managing user access and permissions appropriately

5.2 Security Features

EZTest includes built-in security features:

• Password hashing using industry-standard algorithms (bcrypt)
• Role-based access control (RBAC) system
• Session management and authentication via NextAuth.js
• Protection against common vulnerabilities (XSS, CSRF, SQL injection)
• Secure API endpoints with authentication middleware

6. Data Sharing and Third Parties

6.1 We Don't Share Your Data

Since EZTest is self-hosted:

• We (the EZTest developers) do not have access to your instance data
• We do not sell, rent, or trade any data
• Your data is not shared with third parties unless you explicitly configure integrations

6.2 Optional Integrations

If you configure external integrations (email services, authentication providers, etc.), data may be shared with those services according to your configuration and their respective privacy policies.

7. Your Rights and Choices

As a user of a self-hosted EZTest instance, you have rights regarding your data:

• Access: You can view and export your data through the application interface
• Rectification: You can update your profile and correct inaccurate data
• Deletion: You can request account deletion from your instance administrator
• Data Portability: You can export your data in standard formats
• Objection: You can object to certain data processing activities

Contact your EZTest instance administrator to exercise these rights or for questions about data handling in your organization.

8. Data Retention and Deletion

EZTest allows administrators to configure data retention policies based on their organizational requirements:

8.1 Retention Periods

• User Accounts: Active accounts are retained indefinitely until deletion is requested or the account is deactivated by an administrator
• Project Data: Projects, test cases, test suites, and related data are retained as long as the project exists
• Test Run Results: Test execution history is retained according to your instance's configuration (typically indefinitely for audit purposes)
• Audit Logs: System activity logs may be retained for security and compliance purposes based on organizational policies
• Deleted Accounts: When an account is deleted, associated personal data is permanently removed, while test artifacts created by the user may be anonymized and retained for historical records

8.2 Data Deletion Options

Your EZTest instance administrator can configure automated data deletion policies:

• Automatic deletion of inactive user accounts after a specified period of inactivity
• Scheduled cleanup of old test run results beyond a retention threshold
• Archived project data removal after a defined period
• Automatic purging of audit logs older than a specified timeframe

8.3 Manual Deletion

Users and administrators can manually delete data at any time:

• Users can delete their own test cases, test suites, and test runs they have created (subject to permissions)
• Project managers can delete entire projects and all associated data
• Administrators can remove user accounts, which triggers permanent deletion of personal information
• Administrators can execute database cleanup operations to remove orphaned or obsolete data

Important: Deleted data cannot be recovered. Ensure you have appropriate backups before performing deletion operations. For compliance with data protection regulations (GDPR, CCPA), contact your instance administrator to establish appropriate retention and deletion schedules.

9. Cookies and Tracking

EZTest uses essential cookies for:

• Session management and authentication
• Maintaining user preferences
• Security features (CSRF protection)

These cookies are necessary for the application to function properly. We do not use third-party tracking cookies or advertising cookies in the core application.

10. Children's Privacy

EZTest is not intended for use by individuals under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal data, please contact your instance administrator.

11. Open Source Software

EZTest is open-source software licensed under the MIT License. The source code is publicly available on GitHub at github.com/houseoffoss/eztest.

You are free to review, modify, and audit the code to ensure it meets your privacy and security requirements. We welcome community contributions to improve security and privacy features.

12. Official Demo Instance

We provide an official demo instance of EZTest for evaluation purposes at eztest.houseoffoss.com.

Data stored on the demo instance is subject to the following terms:

• Demo data is periodically reset
• The demo instance is for testing and evaluation purposes only
• Do not store sensitive, confidential, or production data on the demo instance
• We reserve the right to review and remove inappropriate content
• Demo accounts may be deleted without notice as part of routine maintenance
• The demo instance may have limited features or resources compared to production deployments

For production use, please deploy your own self-hosted instance following the installation instructions in our documentation.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or for legal, operational, or regulatory reasons. Changes will be posted in the EZTest repository and documentation. For self-hosted instances, updates to the privacy policy will be included in software releases.

We encourage you to review this policy periodically. Continued use of EZTest after changes indicates acceptance of the updated policy.

14. Contact Information

For questions about this Privacy Policy or the EZTest project:

• Demo Instance: eztest.houseoffoss.com
• Project Issues: GitHub Issues
• Email: info@belsterns.com
• Repository: github.com/houseoffoss/eztest

For questions about data handling in a specific EZTest instance, please contact that instance's administrator.