Test-Lab.ai Logo

Privacy Policy

Last updated: 5/14/2026

1. Information We Collect

We collect information you provide directly to us, including:

  • Email addresses for account registration
  • Testing prompts and URLs you submit through the Service
  • Usage data and analytics about how you interact with the Service
  • Device information, browser type, and IP address

2. How We Use Your Information

We use collected information to:

  • Provide, maintain, and improve the Service
  • Send you product updates, launch announcements, and marketing communications
  • Respond to your comments, questions, and support requests
  • Monitor and analyze usage patterns and trends
  • Detect, prevent, and address technical issues and security threats

3. Data Sharing and Disclosure

We do not sell your personal information. We may share your information only in the following circumstances:

  • With your consent or at your direction
  • With service providers who perform services on our behalf
  • To comply with legal obligations or respond to lawful requests
  • To protect the rights, property, and safety of Test-Lab.ai and our users

4. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the internet is 100% secure.

5. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.

6. Your Rights

You have the right to:

  • Access and receive a copy of your personal information
  • Request correction of inaccurate personal information
  • Request deletion of your personal information
  • Opt-out of marketing communications
  • Object to or restrict certain processing of your information

7. Cookies and Tracking

We use cookies and similar tracking technologies to collect usage information and improve your experience. You can control cookies through your browser settings.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers.

9. Chrome Browser Extension (Test-Lab.ai Tunnel)

This section applies specifically to the Test-Lab.ai Tunnel Chrome extension and supplements the general terms above. The extension relays HTTP traffic from Test-Lab.ai cloud tests to URLs reachable only from the user's own browser (localhost development servers, staging behind SSO, VPN-only intranet hosts).

What the extension stores locally

  • Account email: cached in chrome.storage.local so the popup can display which Test-Lab.ai account is connected. Rendered in the popup UI only.
  • Tunnel-scoped API key: issued by Test-Lab.ai when you click “Connect”. Stored in chrome.storage.local. The scope is limited to opening a tunnel session; the key cannot trigger test runs, read project data, or perform any other account action.
  • Tunnel session token (JWT): a short-lived (1 hour) authentication token minted from the API key. Stored in chrome.storage.local and automatically refreshed.

These values never leave your machine except when sent back to Test-Lab.ai servers to authenticate the tunnel WebSocket.

Website content (HTTP request and response data)

When you run a Test-Lab.ai test with tunnel mode enabled, the test runner sends HTTP request specifications to the extension over an authenticated WebSocket. For each request, the extension performs the fetch from your browser to the URL your test targets, and streams the response (status, headers, body bytes) back to the test runner so the test can observe it.

This traffic passes through the extension in memory only, for the duration of a single request. We do not persist, log, analyze, or examine the contents. The extension does not read page DOM, inject scripts, access tabs outside the tunnel path, or touch cookies, history, clipboard, bookmarks, or downloads.

All relayed HTTP requests use credentials: “omit”. Your browser's logged-in cookies are never attached to a relayed request. Tests cannot impersonate you to sites where you are signed in.

Browser permissions the extension requests

  • storage: persist the API key, session token, and cached email across Chrome restarts and Manifest V3 service worker hibernation.
  • alarms: wake the service worker on a 30-second heartbeat to keep the tunnel WebSocket alive.
  • Host permission for https://*.test-lab.ai/*: the single origin the extension contacts on its own initiative.

What the extension does NOT do

  • Does not collect browsing history or web activity.
  • Does not track tabs, clicks, scrolls, or keystrokes.
  • Does not read page content, clipboard, bookmarks, or downloads.
  • Does not inject scripts into web pages.
  • Does not run remote code. All JavaScript is bundled at build time.
  • Does not sell or transfer user data to third parties.

How to revoke access or delete data

  • Click “Sign out” in the extension popup to clear the local credentials.
  • Revoke the tunnel-scoped API key from your Test-Lab.ai account's API keys page at any time.
  • Uninstall the extension from chrome://extensions to remove all locally stored data.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through a prominent notice on the Service.

11. Contact Us

If you have questions about this Privacy Policy or want to exercise any of the rights described above, please contact us at hello@test-lab.ai.

Privacy Policy | Test-Lab.ai