The European Union General Data Protection Regulation (GDPR) is a data privacy law that applies to all companies processing the personal data of people in the EU, regardless of the company’s location. Overall, the GDPR was created to further safeguard data privacy for citizens of the EU, while standardizing data privacy laws in Europe and changing how organizations manage data privacy.

TestCaseLab is committed to privacy and has implemented a GDPR compliance program. Here is an overview of the key steps TestCaseLab has taken to comply with the GDPR:

• Data processing agreements: When we act as a Data Processor, we ask our customers to sign our GDPR-compliant Customer Data Processing Addendum which contains provisions required by Article 28 of the GDPR. In addition, we ask vendors processing Personal Data on our behalf or on behalf of our customers to sign our GDPR-compliant Vendor Data Processing Addendum.
• Cross-border data transfers: We comply with applicable legal requirements providing adequate safeguards for the transfer of Personal Data from the EU to other regions. In particular, we transfer Personal Information to countries for which adequacy decisions have been issued by the European Commission or use contractual protection for the transfer of Personal Data to third parties, such as the European Commission’s standard contractual clauses. For additional information, please ask us for the "International Transfer Procedure" document.
• Privacy policy: We have updated our Privacy Policy to comply with the GDPR and provide enhanced transparency to our consumers, including their new GDPR rights.
  Legal ground for the processing and consent: When we act as a Data Controller, we only process EU Personal Data based on a valid legal ground. To learn more about the legal grounds on the basis of which we process EU Personal Data, please visit our Privacy Policy.
• Cookies and similar technologies: We have implemented tools on our EU websites to obtain consent for the use of cookies and similar technologies.
• Data security: We have implemented appropriate technical and organizational measures to protect the security of EU Personal Data. For additional information, please ask us for the "Records Retention and Protection Policy", "Information Security Policy", "Access Control Policy" documents.

TestCaseLab is the data controller for data derived from activity on TestCaseLab. Where TestCaseLab is the controller, we use that data in accordance with our Privacy Policy.

TestCaseLab may be your data processor. For example, when you import your Test Cases to TestCaseLab, we act as your data processor. TestCaseLab’s controller and processor activities are determined by the terms governing your use of our services and our Privacy Policy.

We store data that customers have given us voluntarily. For example, in our role as data controller, we may collect and store contact information, such as name, email address, when customers sign up for our products and services or seek support help. We also may collect other identifying information from our customers, such as IP address, SSH public keys or Oauth tokens for external services.

We separately act as a data processor when customers use our services to process EU personal data, such as uploading personal data to TestCaseLab. Customers decide what personal data, if any, is uploaded to our application.

Customers have the ability to remove or delete information they have uploaded to our products. Likewise, customers may deactivate their company account and request that all personal data we have collected and stored is deleted. Company account is deleted automatically after six months of total inactivity.

While we don’t have a map of TestCaseLab data we can share publicly, our Privacy Policy describes how we collect, store, use, and share personal data.