Privacy Policy

1. Information We Collect

1.1 Account Information

When you register for Trulit, we collect:

• Name and email address
• Organization name and details
• Job title and role information
• Password (encrypted and securely stored)

1.2 Test Management Data

To provide our services, we store:

• Test cases, test suites, and test runs
• Defect reports and tracking information
• Project settings and configurations
• Comments, attachments, and collaboration data
• Custom fields and workflow configurations

1.3 Usage and Analytics

We automatically collect:

• Log data (IP address, browser type, pages viewed)
• Device information and operating system
• Feature usage patterns and session data
• Performance metrics and error logs

2. How We Use Your Information

We use collected information to:

• Provide Services: Deliver, maintain, and improve Trulit's test management features
• Account Management: Create and manage your account, authenticate users, and provide support
• Analytics: Analyze usage patterns to enhance user experience and platform performance
• Communications: Send service updates, security alerts, and respond to inquiries
• Compliance: Meet legal obligations and enforce our Terms of Service
• Product Development: Develop new features and improve existing functionality

3. Data Storage and Security

3.1 Infrastructure

Trulit uses enterprise-grade cloud infrastructure with robust security controls. All data is encrypted in transit using TLS/SSL and at rest by our cloud infrastructure provider.

3.2 Security Measures

• Regular security audits and vulnerability assessments
• Role-based access control (RBAC) for data protection
• Automated backup and disaster recovery systems
• Continuous monitoring for suspicious activity
• Employee access controls and security training

3.3 Data Retention

We retain your data for as long as your account is active or as needed to provide services. Upon account deletion, data is permanently removed within 90 days unless required by law to retain longer.

4. Your Rights (GDPR & CCPA Compliance)

You have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your personal data ("right to be forgotten")
• Data Portability: Export your data in a machine-readable format
• Restrict Processing: Limit how we use your data
• Object: Opt-out of certain data processing activities
• Withdraw Consent: Revoke previously given consent at any time

To exercise these rights, contact us at privacy@trulit.com. We will respond within 30 days.

5. Third-Party Services

Trulit integrates with the following third-party services:

• Supabase: Database and authentication infrastructure
• Stripe: Payment processing (we do not store credit card information)
• Email Services: Transactional emails and notifications
• Analytics Providers: Usage analytics and performance monitoring

These providers have their own privacy policies. We ensure all third-party vendors comply with applicable data protection regulations.

6. Cookies and Tracking Technologies

We use cookies and similar technologies for:

• Essential Cookies: Required for authentication and core functionality
• Analytics Cookies: Track usage patterns to improve the platform
• Preference Cookies: Remember your settings and preferences

You can control cookie preferences through your browser settings. Note that disabling essential cookies may limit platform functionality.

7. International Data Transfers

Trulit operates globally and may transfer data across borders. We ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) and compliance with GDPR requirements for international transfers.

8. Children's Privacy (COPPA Compliance)

Trulit is not intended for users under 16 years of age. We do not knowingly collect personal information from children. If we discover that a child's data has been collected, we will delete it immediately.

9. Data Breach Notification (Article 33)

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will:

• Notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33
• Notify affected users without undue delay when the breach is likely to result in a high risk to their rights and freedoms (GDPR Article 34)
• Document the breach including its nature, the categories and approximate number of individuals affected, the likely consequences, and the measures taken to address it
• Provide clear communication including a description of the breach, contact details for our data protection point of contact, and recommended steps users should take to protect themselves

We maintain internal incident response procedures to ensure timely detection, assessment, and notification of data breaches in compliance with applicable data protection regulations.

10. Changes to This Policy

We may update this Privacy Policy periodically. When we make material changes, we will notify you via email or through a prominent notice on our platform at least 30 days before the changes take effect.

11. Contact Us

For privacy-related questions or concerns, please reach out through our contact form.