Privacy Policy

Last updated: 1 July 2026 · Vektify Test Management

Template notice: This policy is provided as a starting point and must be reviewed by qualified counsel and completed (items in [brackets]) before it is relied upon.

1. Who we are

Vektify ("we", "us") provides a test-management application. The data controller is [LEGAL ENTITY NAME], [ADDRESS]. For privacy questions or to exercise your rights, contact [privacy@vektify.com]. [Appoint/here name a DPO or EU representative if required.]

2. What we collect

CategoryExamplesSource
Account & profileName, email, display name, role, avatar, timezoneYou
Organization membershipWhich org you belong to and your roleYou / your admin
Usage & presenceSign-in/out events, online/idle status, last-seen time, actions you take (e.g. executed a test)Automatic
Test contentTest cases, plans, results, comments, tasks you authorYou
EvidenceScreenshots you attach to test resultsYou
TechnicalBrowser session token (stored locally), theme preferenceAutomatic

3. Why we use it, and our lawful basis

To provide and secure the service, authenticate you, and enable team collaboration (performance of a contract); to keep an activity/audit log and monitor account access for security and service integrity (legitimate interests); and to meet legal obligations where applicable. Where we rely on legitimate interests we have balanced them against your rights.

4. Workplace / contractor monitoring — transparency

The app records when members (including contractors) are online, their last-seen time and timezone, and a history of their actions, which administrators can view. We use this only to run the service, coordinate work, and for security — not for covert surveillance. This is disclosed here so that all members are informed. You may object to processing based on legitimate interests (section 7). Activity logs are retained for a limited period (section 6).

5. Who we share it with (processors)

ProcessorPurposeLocation
SupabaseDatabase & authentication[region]
HetznerApplication hostingGermany (EU)
Cloudflare R2Storage of screenshot evidenceEuropean Union

Note:screenshot evidence is stored in Cloudflare R2 (EU region) and retained for 90 days, after which it is deleted. Images are served from an unguessable link and are viewable by anyone who has that link, so avoid attaching screenshots containing others' personal data unless necessary. [Complete a DPA and confirm transfer safeguards for each processor.]

6. How long we keep it

Account and test content are kept for the life of your account. Activity/monitoring logs are automatically deleted after [180 days]. Presence data reflects only your current state and is overwritten in place. When you delete your account (section 7) we erase your personal data.

7. Your rights

Subject to law you may access, export, correct, delete, restrict, or object to our use of your data, and lodge a complaint with a supervisory authority. Two of these are self-service in the app under Settings → Privacy & data: Export my data (access/portability) and Delete my account (erasure). For the others, contact [privacy@vektify.com].

8. Security

Data is encrypted in transit (HTTPS). Access to the database is restricted to the application's authorized operations. We continue to harden the service; no method is perfectly secure.

9. International transfers

Where a processor is outside the EEA, we rely on appropriate safeguards such as Standard Contractual Clauses. [Confirm the mechanism for each processor listed in section 5.]

10. Changes & contact

We will post changes here with an updated date. Questions: [privacy@vektify.com].