FlowTester

Privacy Policy

Effective Date: February 5, 2026 | Last Updated: February 5, 2026

1. Introduction

FlowTester ("Company," "we," "us," or "our") operates the FlowTester web application and platform accessible at flowtester.ai (the "Service"). FlowTester is an AI agent testing platform that enables users to test how AI agents interact with websites across different large language models (LLMs), providing live video feeds, synchronized action logs, and structured test reports.

This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you access or use our Service. By accessing or using FlowTester, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with this Privacy Policy, you must discontinue use of the Service immediately.

This Privacy Policy applies to all users of the Service, including individual users, organizational administrators, and team members invited to an organization.

2. Information We Collect

2.1 Information You Provide Directly

  • Account Information: When you register for FlowTester, we collect your name, email address, and encrypted password. If you register via a third-party authentication provider (such as GitHub or GitLab), we receive your name, email address, and account identifier from that provider.
  • Organization and Team Data: If you create or join an organization, we collect the organization name, team member email addresses, and assigned roles and permissions.
  • Test Instructions and Content: We collect the natural language test instructions you write, test suite configurations, project settings, and any metadata you associate with your tests.
  • Payment and Billing Information: When you purchase credits, we collect billing information necessary to process your transaction. Payment card details are processed directly by our third-party payment processor and are not stored on our servers.
  • Repository Connections: If you connect a GitHub or GitLab repository, we collect repository identifiers, webhook configurations, and deployment event metadata necessary to trigger automated test runs. We do not access or store your source code.
  • Communications: If you contact us for support or provide feedback, we collect the content of your communications and any information you voluntarily provide.

2.2 Information Collected Automatically

  • Usage Data: We automatically collect information about your interactions with the Service, including pages visited, features used, test execution history, timestamps, click patterns, and session duration.
  • Device and Technical Data: We collect your IP address, browser type and version, operating system, device type, unique device identifiers, screen resolution, and language preferences.
  • Log Data: Our servers automatically record information including your IP address, access times, referring URLs, and API request details.
  • Cookies and Tracking Technologies: We use cookies, web beacons, and similar technologies as described in Section 8 of this Privacy Policy.

2.3 Test Execution Data

When you run tests through FlowTester, the Service executes AI agent interactions on third-party websites using browser automation. During this process:

  • We record video feeds and screenshots of the browser session for your review and debugging purposes.
  • We capture and store action logs that document the AI agent's interactions with the target website.
  • We generate structured test reports including pass/fail status, issues detected, and optimization recommendations.
  • We may temporarily process data visible on the target website's pages during test execution, though we do not systematically collect or store content from third-party websites beyond what is necessary for test reporting.

2.4 Information from Third Parties

  • Authentication providers (GitHub, GitLab) when you use single sign-on.
  • Payment processors regarding transaction status and billing verification.
  • Analytics and monitoring services that help us understand Service usage patterns.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Delivery: To provide, maintain, and improve the FlowTester platform, execute your test instructions, generate test reports, and deliver video feeds and action logs.
  • Account Management: To create and manage your account, process credit purchases, authenticate your identity, and manage organizational roles and permissions.
  • Communication: To send you transactional notifications (such as test completion alerts, credit balance updates, and team invitations), respond to your inquiries, and provide customer support.
  • CI/CD Integration: To process webhook events from your connected repositories and trigger automated test runs based on your configured deployment events.
  • Analytics and Improvement: To analyze usage patterns, diagnose technical issues, optimize performance, and develop new features and functionality.
  • Security and Fraud Prevention: To detect, investigate, and prevent unauthorized access, abuse, fraud, and other illegal activities.
  • Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

4.1 Within Your Organization

If you are part of an organization on FlowTester, organizational administrators may have access to your usage data, test results, and account activity within the organization in accordance with the roles and permissions configured for that organization.

4.2 Service Providers

We engage trusted third-party service providers who perform services on our behalf, including:

  • Cloud infrastructure and hosting providers (Amazon Web Services)
  • Payment processing providers
  • Email delivery services (Amazon SES)
  • Analytics and monitoring services
  • AI model providers (for executing test instructions using the LLMs you select)

These providers are contractually obligated to use your information only as necessary to provide services to us and in accordance with this Privacy Policy.

4.3 AI Model Providers

When you execute a test, the natural language instructions you provide are transmitted to the AI model provider you select (such as OpenAI, Google, Anthropic, or others). Each provider processes this data according to its own privacy policy and terms of service. We encourage you to review the privacy policies of any AI model provider you use through FlowTester.

4.4 Legal Requirements and Protection

We may disclose your information if required to do so by law or in the good faith belief that such action is necessary to: (a) comply with a legal obligation, court order, or governmental request; (b) protect and defend the rights or property of FlowTester; (c) prevent or investigate possible wrongdoing in connection with the Service; (d) protect the personal safety of users of the Service or the public; or (e) protect against legal liability.

4.5 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred as part of such transaction. We will notify you via email and/or a prominent notice on the Service prior to your personal information becoming subject to a different privacy policy.

5. Data Retention

We retain all personal information, test data, test results, video recordings, action logs, and all other data associated with your account for the entire duration that your account remains active. This includes all account data, test instructions, test suite configurations, project settings, billing and transaction records, usage data, and any other information collected through your use of the Service.

You may delete specific tests, test suites, projects, or other content through the Service interface at any time. Deleted content may persist in backup systems for a limited period before being permanently removed.

Upon account deletion or termination, we will delete or anonymize your personal information within 30 days, except for data we are required to retain for legal, regulatory, or legitimate business purposes. Billing and transaction records may be retained for as long as required by applicable tax and financial regulations.

6. Data Security

We implement and maintain appropriate technical and organizational security measures designed to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit using TLS/SSL and at rest using AES-256 encryption.
  • Secure password hashing using industry-standard algorithms.
  • Role-based access controls and the principle of least privilege for internal systems.
  • Regular security assessments and vulnerability testing.
  • Incident response procedures and breach notification processes.
  • Infrastructure hosted on AWS with SOC 2 and ISO 27001 certified data centers.

While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the Internet or method of electronic storage is completely secure. We cannot guarantee absolute security, and you acknowledge and accept this inherent risk.

7. Your Rights and Choices

7.1 Account Controls

You may access, update, or correct your account information at any time through the FlowTester dashboard. You may delete specific tests, test suites, or projects through the Service interface.

7.2 Data Subject Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Right of Access: You may request a copy of the personal information we hold about you.
  • Right to Rectification: You may request that we correct inaccurate or incomplete personal information.
  • Right to Erasure: You may request deletion of your personal information, subject to our legal retention obligations.
  • Right to Restriction: You may request that we restrict the processing of your personal information under certain circumstances.
  • Right to Data Portability: You may request a copy of your data in a structured, machine-readable format.
  • Right to Object: You may object to the processing of your personal information for certain purposes, including direct marketing.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at privacy@flowtester.ai. We will respond to your request within the timeframe required by applicable law.

7.3 Account Deletion

You may request deletion of your account by contacting us at privacy@flowtester.ai. All data associated with your account is retained for the lifetime of the account. Upon account deletion, we will delete or anonymize your personal information within 30 days, except for data we are required to retain for legal, regulatory, or legitimate business purposes. If you are the sole administrator of an organization, you must transfer ownership or delete the organization before your account can be deleted.

8. Cookies and Tracking Technologies

8.1 Types of Cookies We Use

  • Strictly Necessary Cookies: Essential for the operation of the Service, including authentication, session management, security, and load balancing. These cookies cannot be disabled.
  • Functional Cookies: Enable personalization features such as your language preferences, dashboard layout, and notification settings.
  • Analytics Cookies: Help us understand how users interact with the Service, which features are most popular, and where users encounter errors. We use this data to improve the Service.

8.2 Cookie Management

You can manage your cookie preferences through the cookie settings accessible in the Service footer. You can also control cookies through your browser settings. Please note that disabling strictly necessary cookies may impair the functionality of the Service.

8.3 Do Not Track

Some web browsers transmit "Do Not Track" signals. As there is no industry-standard protocol for interpreting such signals, the Service does not currently respond to Do Not Track signals.

9. International Data Transfers

FlowTester is operated from the European Union and the United States. Your information may be transferred to and processed in countries other than your country of residence, including the United States, where data protection laws may differ from those in your jurisdiction.

Where we transfer personal information from the European Economic Area (EEA), the United Kingdom, or Switzerland to countries that have not received an adequacy decision, we implement appropriate safeguards including Standard Contractual Clauses approved by the European Commission, or rely on other lawful transfer mechanisms.

By using the Service, you acknowledge that your information may be transferred internationally as described in this section.

10. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that a child under 16 has provided us with personal information, we will take steps to delete such information promptly. If you believe that a child under 16 has provided us with personal information, please contact us at privacy@flowtester.ai.

11. Third-Party Links and Services

The Service may contain links to third-party websites, services, or integrations (including GitHub, GitLab, and AI model provider dashboards). This Privacy Policy does not apply to third-party services. We encourage you to review the privacy policies of any third-party services you access through or in connection with FlowTester. We are not responsible for the privacy practices or content of third-party services.

12. Legal Basis for Processing

If you are located in the EEA or the United Kingdom, we process your personal information on the following legal bases:

  • Performance of Contract: Processing necessary to provide you with the Service in accordance with our Terms of Service, including account management, test execution, and billing.
  • Legitimate Interests: Processing necessary for our legitimate interests, including improving the Service, ensuring security, preventing fraud, and conducting analytics, where such interests are not overridden by your fundamental rights.
  • Consent: Where you have given us specific consent to process your data for a particular purpose, such as receiving marketing communications.
  • Legal Obligation: Processing necessary for compliance with legal obligations to which we are subject.

13. California Privacy Rights

If you are a California resident, you have certain rights under the California Consumer Privacy Act (CCPA) and its amendments, including:

  • The right to know what personal information we collect, use, and disclose.
  • The right to request deletion of your personal information.
  • The right to opt out of the sale or sharing of your personal information. We do not sell personal information.
  • The right to non-discrimination for exercising your privacy rights.

To exercise your California privacy rights, please contact us at privacy@flowtester.ai.

14. Limitation of Liability

To the maximum extent permitted by applicable law, FlowTester shall not be liable for any unauthorized access to, alteration of, or destruction of your personal information resulting from factors beyond our reasonable control, including but not limited to: hacking, cyberattacks, failures of third-party service providers, force majeure events, or your failure to maintain the security of your account credentials.

You are responsible for maintaining the confidentiality of your account credentials and for all activities that occur under your account. You agree to notify us immediately of any unauthorized use of your account.

15. Disclaimer

FlowTester executes AI agent interactions on third-party websites as directed by your test instructions. We do not control the content, functionality, or availability of third-party websites and are not responsible for any personal data that may be visible on or collected by such websites during test execution. You are responsible for ensuring that your use of FlowTester complies with all applicable laws and the terms of service of any third-party websites you test.

The test results, AI agent readiness scores, and optimization recommendations provided by FlowTester are generated using AI models and automated analysis. They are provided for informational purposes only and do not constitute professional, legal, or technical advice. FlowTester makes no warranties regarding the accuracy, completeness, or reliability of such outputs.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to our practices, the Service, or applicable laws. We will notify you of any material changes by posting the updated Privacy Policy on the Service and updating the "Last Updated" date at the top of this document. For material changes, we will also provide notice via email to the address associated with your account. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

FlowTester
Email: privacy@flowtester.ai
Website: https://flowtester.ai

By using FlowTester, you acknowledge that you have read and understood this Privacy Policy.

Privacy Policy | FlowTester