PRIVACY POLICY

Last Updated: December 2025

Effective Date: December 2025

1. ABOUT THIS PRIVACY POLICY

This Privacy Policy explains how Better Quality Assurance S.R.L. (“BetterQA,” “we,” “us,” or “our”) collects, uses, shares, and protects information when you:

  • Visit our website at betterqa.co
  • Use our Flows browser extension for test automation
  • Receive marketing communications from us
  • Apply for a position with us
  • Interact with us at events or through professional networks
  • Are researched by us as a potential business contact

Note: If you’re an existing client, your data processing is also governed by our Master Service Agreement and any applicable Data Processing Agreements.

Company Information:

  • Better Quality Assurance S.R.L.
  • Registration Number: RO39687318
  • Address: Strada Transilvaniei 202, Baciu, 407055, Cluj County, Romania
  • Email: office@betterqa.co
  • Phone: +40 751 289 399

2. DATA CONTROLLER

BetterQA is the data controller responsible for your personal data. We determine the purposes and means of processing personal data as described in this policy.

3. INFORMATION WE COLLECT

3.1 Website Visitors

Information You Provide:

  • Contact form submissions (name, email, company, message)
  • Newsletter sign-ups
  • Downloaded resources (whitepapers, guides)
  • Webinar registrations
  • Chat or support inquiries

Information We Collect Automatically:

  • IP address and location data
  • Browser type and version
  • Pages visited and time spent
  • Referral sources
  • Device information
  • Cookie data (see Section 12)

3.2 Marketing and Lead Generation Contacts

Information We Research:

  • Professional contact details from public sources
  • Company information from business directories
  • LinkedIn profiles and professional backgrounds
  • Industry news and press releases
  • Public website contact information
  • Conference attendee lists (where publicly available)

Information from Interactions:

  • Email engagement (opens, clicks)
  • Response to outreach
  • Meeting notes and preferences
  • Interest areas and pain points discussed

3.3 Job Candidates

Information You Provide:

  • Resume/CV details
  • Cover letters
  • Portfolio or work samples
  • Education and certifications
  • Employment history
  • References
  • Salary expectations
  • Interview feedback

Information We Collect:

  • Assessment results
  • Interview notes
  • Reference check information
  • Background verification (with consent)

3.4 Third-Party Sources

Professional Networks:

  • LinkedIn and similar platforms
  • Industry associations
  • Business registries
  • Conference organizers

Data Enrichment:

  • Company databases (Crunchbase, etc.)
  • Public records
  • News and media sources

4. HOW WE USE YOUR INFORMATION

4.1 Website Operations

  • Purpose: Operate and improve our website
  • Legal Basis: Legitimate interests
  • Data Used: Technical data, usage patterns, preferences

4.2 Marketing and Lead Generation

  • Purpose: Identify and contact potential clients
  • Legal Basis: Legitimate interests in business development
  • Data Used: Contact information, company data, industry information

4.3 Communications

  • Purpose: Respond to inquiries and maintain relationships
  • Legal Basis: Legitimate interests / Consent
  • Data Used: Contact details, communication history

4.4 Recruitment

  • Purpose: Evaluate and hire candidates
  • Legal Basis: Pre-contractual steps / Legitimate interests
  • Data Used: Application materials, assessments, references

4.5 Analytics and Improvement

  • Purpose: Understand and improve our marketing effectiveness
  • Legal Basis: Legitimate interests
  • Data Used: Engagement metrics, conversion data, feedback

4.6 Legal Compliance

  • Purpose: Meet legal obligations
  • Legal Basis: Legal obligation
  • Data Used: All data as required by law

4.7 Service Information

  • Purpose: Provide information about our QA services to interested parties
  • Legal Basis: Legitimate interests / Pre-contractual steps
  • Data Used: Contact info, expressed interests, company needs

Note: Actual service delivery is governed by separate agreements

5. LEGAL BASES FOR PROCESSING

We process your personal data under the following legal bases:

  • Consent: When you explicitly agree to specific processing
  • Contract: To fulfill our service agreements with you
  • Legal Obligation: To comply with laws and regulations
  • Legitimate Interests: For business operations that don’t override your privacy rights

6. DATA SHARING AND DISCLOSURE

6.1 Service Providers

We share data with carefully selected providers:

  • Email marketing platforms (Mailchimp, HubSpot, etc.)
  • Analytics services (Google Analytics)
  • CRM systems
  • Recruitment tools
  • Cloud storage providers

6.2 No Sale of Data

We never sell your personal data to third parties.

6.3 Legal Requirements

We may disclose data when required by:

  • Law enforcement requests
  • Court orders
  • Legal proceedings
  • Regulatory compliance

6.4 Business Transfers

In case of merger, acquisition, or sale, your data may transfer to the successor.

6.5 With Consent

We only share data with others when you explicitly agree.

7. LEAD GENERATION AND MARKETING PRACTICES

7.1 How We Source Leads

  • Public business directories and registries
  • Professional networking platforms (LinkedIn)
  • Industry events and conferences
  • Website inquiries and contact forms
  • Referrals from existing clients
  • Publicly available company websites

7.2 Marketing Communications

  • We may contact potential clients about our QA services
  • Initial outreach is based on legitimate business interests
  • You can opt-out at any time using the unsubscribe link
  • We limit contact attempts to avoid being intrusive
  • We personalize communications based on your industry needs

7.3 Your Control

  • Reply STOP or click unsubscribe to opt-out
  • Request removal from our prospect database
  • We maintain suppression lists to honor your preferences

8. INTERNATIONAL DATA TRANSFERS

Your data is primarily processed within the EU/EEA. When we transfer data outside the EU/EEA, we ensure protection through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions for countries with equivalent data protection
  • Your explicit consent for specific transfers

For US transfers, we may rely on updated transfer mechanisms following the invalidation of Privacy Shield.

9. DATA RETENTION

We retain your data only as long as necessary:

Data Type

Retention Period

Reason

Website visitors

24 months from last visit

Analytics and improvement

Marketing contacts

24 months from last interaction

Business development

Unsubscribed contacts

6 months after unsubscribe

Suppression list maintenance

Job applicants (rejected)

12 months from application

Future opportunities

Job applicants (hired)

Transferred to employee records

Employment relationship

Email communications

3 years

Business records

Technical logs

12 months

Security and debugging

Extension data (cloud)

Duration of subscription

Test automation service

For clients with active contracts, retention is governed by our Master Service Agreement.

10. YOUR PRIVACY RIGHTS

You have important rights regarding your personal data:

  • Access: Request a copy of your data
  • Correction: Fix inaccurate information
  • Deletion: Request we delete your data
  • Opt-out: Unsubscribe from marketing
  • Portability: Receive your data in portable format
  • Object: Oppose certain processing activities

For detailed information about exercising these rights, please see our GDPR Rights page or contact privacy@betterqa.co. We respond to all requests within 30 days.

11. DATA SECURITY

We implement robust security measures:

Technical Measures:

  • Encryption in transit (TLS 1.2+) and at rest
  • Access controls and authentication
  • Regular security audits and penetration testing
  • Intrusion detection systems
  • Secure development practices

Organizational Measures:

  • Data protection training for all staff
  • Confidentiality agreements
  • Limited access on need-to-know basis
  • Incident response procedures
  • Regular security reviews

Certifications:

  • ISO 27001:2013 (Information Security)
  • ISO 9001:2015 (Quality Management)
  • NATO Registered Vendor

12. COOKIES AND TRACKING

We use cookies and similar technologies for:

Essential Cookies

Required for site functionality (no consent needed)

Analytics Cookies

Help us understand site usage (consent required)

Marketing Cookies

Enable targeted advertising (consent required)

You can manage cookies through our cookie consent banner, browser settings, or third-party opt-out tools. For details, see our Cookie Policy at betterqa.co/cookies

13. CHILDREN’S PRIVACY

Our services are B2B focused and not directed at individuals under 18. We don’t knowingly collect data from children. If we discover such data, we’ll promptly delete it.

14. UPDATES TO THIS POLICY

We may update this policy to reflect:

  • Changes in our practices
  • New legal requirements
  • Business developments

We’ll notify you of material changes via email to your registered address, prominent notice on our website, or update to the “Last Updated” date.

15. CONTACT INFORMATION

Data Protection Officer: Email: privacy@betterqa.co | Phone: +40 751 289 399

Postal Address:

Better Quality Assurance S.R.L.

Strada Transilvaniei 202

Baciu, 407055

Cluj County, Romania

Additional Resources:

  • GDPR Rights: betterqa.co/gdpr
  • Cookie Policy: betterqa.co/cookies
  • Terms of Service: betterqa.co/terms

16. BROWSER EXTENSION (FLOWS)

This section applies specifically to the Flows – Browser Automation Testing Chrome extension published by BetterQA.

16.1 Information the Extension Collects

Information You Create:

Data Type

Description

Test Recordings

Browser interactions you record (clicks, inputs, navigation steps)

Element Selectors

CSS and XPath selectors for page elements

Screenshots

Captured during test failures or manual assertions

Test Reports

Execution results, timing data, pass/fail status

Test Suites

Organized groups of test flows

User Settings

Extension preferences and configuration

Information Collected Automatically:

Data Type

Purpose

Authentication Token

Validates your BugBoard subscription

Extension Version

Ensures compatibility with backend services

Error Logs

Debugging (only transmitted if you report an issue)

Information We Do NOT Collect:

  • Browsing history outside of active recording sessions
  • Personal information from websites you test
  • Passwords or sensitive form data (masked by default)
  • Any data from pages when recording is not active
  • Keystrokes or interactions when the extension is idle

16.2 How Extension Data Is Stored

Local Storage (Default):

All test data is stored locally in your browser using Chrome’s storage APIs:

  • Data remains on your device
  • Protected by Chrome’s built-in encryption
  • Deleted when you uninstall the extension or clear extension data

Cloud Storage (Optional – BugBoard Sync):

When you enable BugBoard sync:

  • Data is encrypted in transit using TLS 1.3
  • Stored on secure cloud infrastructure
  • Accessible only to you and authorized team members
  • Retained while your subscription is active

16.3 Extension Permissions

The extension requests browser permissions for specific purposes:

Permission

Purpose

storage, unlimitedStorage

Store test recordings and screenshots locally

scripting, activeTab

Inject recording scripts when you initiate recording

tabs, webNavigation

Track navigation during recording and playback

debugger

Advanced element inspection and event simulation

cookies

Capture/restore cookie state for consistent test execution

webRequest

Record API calls made during testing

downloads

Export test reports and generated code

notifications

Alert you when tests complete or encounter errors

host_permissions (<all_urls>)

Access any website you choose to test

Important: Permissions are only exercised when you actively initiate recording or test playback. The extension does not access pages or run in the background without your explicit action.

16.4 Third-Party Services

The extension connects to:

Service

Purpose

Data Shared

BugBoard API (bugboard.co)

Authentication, optional sync

Account credentials, test data (if sync enabled)

AI Services (optional)

Selector healing suggestions

Anonymized element context

GitHub API (optional)

Version control for flows

Flow definitions, test suites

16.5 Sensitive Data Handling

  • Password fields: Input values are masked (••••••) by default
  • Sensitive inputs: Configure custom masking rules in Settings > Privacy
  • Encryption option: Enable “Encrypt secrets” for additional protection
  • Local-only mode: Use the extension without any server connection

16.6 Extension Data Retention

Data Type

Retention Period

Local browser storage

Until you clear it or uninstall the extension

BugBoard cloud data

While your subscription is active

Deleted account data

Purged within 30 days of account deletion

Extension error logs

90 days

16.7 Your Extension Privacy Controls

Access & Export:

  • View stored data: Settings > Privacy > View Stored Data
  • Export individual flows: Right-click flow > Export
  • Export all data: Settings > Data > Export All

Deletion:

  • Delete individual flows: Right-click > Delete
  • Clear all local data: Settings > Privacy > Clear All Data
  • Delete BugBoard account: Contact support@betterqa.co

Opt-Out Options:

  • Disable cloud sync: Use extension in offline mode
  • Disable AI features: Settings > AI > Disable
  • Disable usage analytics: Settings > Privacy > Disable Analytics

Your privacy matters to us. We’re committed to transparent, lawful, and secure processing of your personal data. If you have any questions or concerns, please don’t hesitate to contact us.