Privacy Policy

Last updated: April 21, 2026

At onTest (“we”, “our”, or “us”), we take your privacy seriously. This Privacy Policy explains how we collect, use, and protect your personal information when you use our platform at ontest.app.

1. Information We Collect

1.1 Account Information

When you register for an onTest account, we collect:

  • Your email address (required for authentication)
  • Your full name (provided during registration or via Google OAuth)
  • Authentication tokens (managed securely by our auth provider)

1.2 App Information

When you submit an app for testing, we collect:

  • App package name (e.g., com.yourapp.name)
  • App display name
  • APK size
  • Play Store opt-in URL (if provided)
  • Testing account credentials (if your app requires login — stored encrypted)

1.3 Payment Information

We use Paddle as our payment processor and Merchant of Record. When you make a purchase, Paddle collects and processes your payment information directly. We do not store credit card numbers, CVVs, or other sensitive payment data on our servers. We only receive order confirmation data (order ID, amount, customer email) from Paddle via webhook.

For Paddle's privacy practices, see Paddle Privacy Policy.

1.4 Usage Data

We automatically collect:

  • IP address (for security and abuse prevention)
  • Browser type and version
  • Pages visited and actions taken on our platform
  • Session timestamps

2. How We Use Your Information

We use your information to:

  • Provide and maintain the onTest platform
  • Process your app testing requests
  • Send transactional emails (order confirmations, daily progress reports, completion notifications)
  • Respond to customer support inquiries
  • Prevent fraud, abuse, and security incidents
  • Improve our platform based on usage patterns

3. How We Share Your Information

We share your information only with:

  • Supabase — our database and authentication provider (data storage)
  • Vercel — our hosting provider (infrastructure)
  • Paddle — our payment processor (transaction handling)
  • Our testers— your app's package name and opt-in URL are shared with our pool of verified testers (required for the platform to function)

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

4. Data Security

We implement industry-standard security measures:

  • All data transmitted via HTTPS (TLS encryption)
  • Passwords are hashed using bcrypt
  • Test account credentials are encrypted at rest
  • Database access restricted via Row-Level Security (RLS)
  • Regular security updates to our infrastructure

However, no system is 100% secure. If a breach occurs, we will notify affected users within 72 hours.

5. Data Retention

We retain your data as follows:

  • Account data: As long as your account is active, plus 90 days after deletion
  • App testing data: 12 months after the testing period ends
  • Payment records: 7 years (for tax and legal compliance)
  • Logs and analytics: 30 days

6. Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of your data
  • Correction: Fix inaccurate information
  • Deletion: Delete your account and associated data
  • Portability: Export your data in a machine-readable format
  • Objection: Opt out of certain data processing

To exercise these rights, email us at hello@ontest.app.

7. GDPR (European Union)

If you are in the European Union, we process your data based on the following legal bases:

  • Contract: To deliver the onTest platform you signed up for
  • Legitimate interest: For security, fraud prevention, and platform improvement
  • Consent: For optional communications and analytics

You can contact us at hello@ontest.app for GDPR-related inquiries.

8. Children's Privacy

onTest is not intended for users under 18. We do not knowingly collect personal information from minors. If we learn we have collected data from a minor, we will delete it immediately.

9. International Data Transfers

Your data may be transferred to and processed in countries outside your residence (including the United States and Ireland, where our infrastructure providers are located). By using onTest, you consent to such transfers. We ensure appropriate safeguards are in place for international transfers.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a notice on our platform. Continued use of onTest after changes means you accept the updated policy.

11. Contact Us

If you have questions about this Privacy Policy, contact us at hello@ontest.app.