Information We Collect
When you create an account, we collect your name, email address, and password, which is stored only in hashed form. For Principal accounts, we also store a hashed version of your secret phrase.
When you place orders, we collect shipping address information and a record of the products ordered. Payment card numbers used in QA Shop are test-only numbers and are not stored.
We automatically collect basic usage data including pages visited, browser type, and session duration to improve the platform experience.
How We Use Your Information
Your account information is used to authenticate you, manage your session, and provide role-based access to platform features.
Order data is used to process and display your order history. Shipping addresses are stored to pre-fill future checkout forms.
Usage analytics help us identify which features are most used and where the platform can be improved.
Data Storage & Security
All data is stored in Supabase with Row Level Security (RLS) policies ensuring users can only access their own data. Admin users have broader access for platform management purposes.
Passwords are hashed using bcrypt before storage. Secret phrases for Principal accounts are also hashed and never stored in plaintext.
All communication between your browser and our servers is encrypted via HTTPS/TLS.
Third-Party Services
Supabase — Database hosting, authentication, and file storage. Data is stored in their cloud infrastructure.
Vercel — Application hosting and deployment. Handles request routing and serverless function execution.
QA Shop does not share, sell, or transfer your personal data to any other third parties.
Your Rights
You can view and update your personal information from your Account Settings page at any time.
You can request deletion of your account and all associated data by contacting support. Account deletion is permanent and cannot be undone.
You can export your order history from the Orders page.
Crash Reporting
We use Sentry to collect crash reports and performance traces so we can diagnose and fix issues quickly. This processing is performed under our legitimate interest (GDPR Art. 6(1)(f)) in operating a reliable service.
Before any error event leaves your browser, personally identifiable data (emails, phone numbers, API keys, form values, cookies, and authorization headers) is scrubbed. No session replay or behavioural tracking is enabled.
You can opt out at any time from your account settings page; error reports from your session will stop immediately.
Contact
For privacy-related questions or data requests, contact us through our contact page or by email at privacy@qashop.example.com.