Privacy Policy

TL;DR

QualityPilot scans your GitHub repositories to analyze test health. We read test file metadata and contents via the GitHub API to generate your scan report. Your source code is never stored. Scan results (grade, flaky patterns, file names) are stored to power your scan history.

What we collect

• GitHub profile data — your GitHub username, email address, display name, avatar URL, and numeric GitHub ID. Collected via GitHub OAuth when you sign in.
• GitHub access token — stored encrypted at rest, used to fetch repo content on your behalf when you trigger a scan. Scoped to read:user user:email repo.
• Scan results — the output of each scan: repo name, primary language, health grade, flaky test patterns detected, scan timestamp. No source code.
• Subscription data — if you upgrade to Pro: Stripe customer ID, subscription status, billing period. Payment details are handled by Stripe, never by us.
• Scheduled scans — if you enable scheduled scans: list of repo names + frequency (daily/weekly) and last run timestamp.

What we do NOT store

• Your source code.
• Full test file contents after scanning.
• Credit card numbers (handled by Stripe).
• IP addresses or browser fingerprints beyond Vercel's request logs.

Subprocessors

• Vercel — hosting and edge network
• Supabase — Postgres database for user accounts, subscriptions, and scan history (EU region)
• GitHub — OAuth authentication + repo reading
• Stripe — payment processing for Pro tier
• Resend — transactional email (Pro health-drop notifications)

Your rights

You can request export or deletion of all your data by emailing support@qlens.dev. Turnaround: 30 days or less.

You can revoke QualityPilot's GitHub access any time at github.com/settings/applications. After revocation, scheduled scans stop immediately.

Data retention

Scan results: retained while your account exists. Deleted on account deletion. Stripe records are retained per Stripe's policies.

Contact

Questions: support@qlens.dev