Privacy Policy

Last updated: May 12, 2026

This Privacy Policy explains how 12AppTester ("we", "us") collects, uses, and protects information when you use 12AppTester.com.

1. Information we collect

• Account information — your name, email address, and profile photo, collected via Google OAuth when you sign in.
• Campaign information — the app name, package name, and screenshots you submit when starting a QA engagement.
• Payment information — handled entirely by Paddle.com Market Limited, our Merchant of Record. We receive only a transaction reference and the purchased plan; we do not store your card details.
• Usage data — pages visited, actions taken in the dashboard, IP address, browser user-agent, and timestamps, for security and product improvement.
• QA artifacts — bug reports, screenshots, and notes produced by our QA team during your engagement and stored against your campaign.

2. How we use your information

• To deliver the QA testing service you purchased.
• To authenticate you and protect your account.
• To process payments via Paddle and respond to refund requests.
• To communicate operational updates about your engagement.
• To improve our product and prevent abuse of the platform.

3. Third parties we share data with

• Google — for OAuth sign-in.
• Paddle — for payment processing as Merchant of Record.
• Supabase — our database and storage provider.
• Our QA engineers — receive your app information and any briefing notes you provide in order to perform the contracted testing.

We do not sell your personal information.

4. Data retention

We retain account information for as long as your account is active. QA artifacts associated with completed engagements are retained for 12 months by default so you can re-download your reports. You may request earlier deletion by contacting us.

5. Your rights

Depending on your jurisdiction (including GDPR for EEA users and similar regimes elsewhere), you have rights to access, correct, port, or request deletion of your personal data. To exercise these rights, contact us via the contact page. We respond within 30 days.

6. Cookies

We use session cookies set by our authentication provider (NextAuth) to keep you signed in. We do not use third-party advertising or tracking cookies.

7. Security

We use industry-standard encryption (HTTPS) for data in transit and rely on Supabase's managed encryption for data at rest. Access to production systems is restricted to authorized personnel.

8. International transfers

We operate from Bangladesh. By using the Service, you consent to the transfer of your personal data to Bangladesh and the regions where our service providers (Supabase, Google, Paddle) operate.

9. Changes to this policy

We may update this Privacy Policy. Material changes will be announced on this page with a revised "Last updated" date.

10. Contact

For privacy questions or to exercise your rights, reach us via the contact page.