Smooth Deploy Privacy Policy

Last Updated: February 2026

This Privacy Policy describes how Smooth Deploy ("we," "us," or "our") collects, uses, and shares information when you use our test automation platform and related services (the "Service").

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Name and email address
• Organization name (if applicable)
• Billing information (processed by our payment provider)

1.2 Customer Data

When you use our Service, you may upload or create:

• Test scripts and configurations
• Selectors and test step definitions
• Shared steps and reusable components
• Environment variables and test parameters
• Secrets and credentials (encrypted)

1.3 Test Artifacts

When tests are executed, we may collect and store:

• Screenshots captured during test execution
• Video recordings of test runs
• Playwright trace files
• Browser console logs
• Network request logs
• Test execution results and timing data

Important Note: Screenshots and other artifacts may capture content from websites and applications you test ("Test Targets"). You are responsible for ensuring you have the right to capture such content and for any personal data that may appear in these artifacts.

1.4 Usage Data

We automatically collect information about how you interact with the Service:

• Features used and actions taken
• Test execution statistics
• Session duration and frequency
• Browser type and version
• Device type and operating system
• IP address (for security and geolocation)
• Application errors and diagnostic data

1.5 Application Diagnostics

Across both our web and desktop applications, we may collect:

• Local execution logs and diagnostics
• Application errors and crash reports
• Browser installation and version information

The Desktop App primarily operates locally. Test data only syncs to our cloud when you explicitly save or execute tests remotely.

2. How We Use Your Information

2.1 Providing the Service

We use your information to:

• Create and manage your account
• Execute and store tests
• Generate and serve test artifacts
• Provide technical support
• Send service-related communications (billing, updates, security notices)

2.2 Improving the Service

We use aggregated and anonymized usage data to:

• Understand how the Service is used
• Identify and fix bugs
• Develop new features
• Improve performance and reliability

2.3 Communication

With your consent, we may send:

• Product updates and announcements
• Tips and best practices
• Survey requests

You can opt out of marketing communications at any time.

2.4 Security and Compliance

We use information to:

• Detect and prevent fraud and abuse
• Enforce our Terms of Service
• Comply with legal obligations

3. How We Share Your Information

3.1 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information or Customer Data to third parties.

3.2 Service Providers

We share information with trusted service providers who assist in operating our Service:

Infrastructure and Hosting

• Amazon Web Services (AWS) - Cloud infrastructure, data storage, and compute
  • Location: EU (Ireland), with potential expansion to additional regions
  • Data stored: Customer Data, test artifacts, application data

Payment Processing

• Lemon Squeezy - Payment processing and subscription management
  • Acts as Merchant of Record
  • Receives: Billing name, email, payment information
  • We do not store your complete payment card information

Analytics

• PostHog - Product analytics and error tracking
  • Receives: Usage data, feature interactions, user identifiers (when analytics is enabled in your settings)
  • Used in both web and desktop applications
  • Purpose: Understanding product usage, error tracking, and improving the Service

Customer Communication

• Crisp - Customer chat and support
  • Receives: Name, email, chat messages
  • Used in both web and desktop applications
  • Purpose: Providing customer support

3.3 Subprocessor Changes

We will notify customers via email at least thirty (30) days before engaging any new subprocessor that will process personal data or Customer Data. The notification will identify the new subprocessor and describe the processing activity. You may object to a new subprocessor within the notice period by contacting us at support@smoothdeploy.com.

3.4 Legal Requirements

We may disclose information if required to do so by law or in response to valid requests by public authorities (such as a court or government agency).

3.5 Business Transfers

If Smooth Deploy is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

3.6 With Your Consent

We may share information with third parties when you explicitly consent to such sharing.

4. Data Storage and Security

4.1 Data Storage Infrastructure

Your data is stored using the following infrastructure:

Test Artifacts (screenshots, traces, videos, logs)

• Stored in Amazon S3 with encryption at rest (AES-256)
• Served via Amazon CloudFront with signed cookies for access control
• Access restricted to your organization

Secrets and Credentials

• Stored in AWS Secrets Manager
• Encrypted using AWS Key Management Service (KMS)
• Never stored in plaintext in our databases
• Decrypted only at runtime during test execution

Application Data (tests, configurations, user accounts)

• Stored in Amazon RDS (PostgreSQL)
• Encryption at rest and in transit (TLS 1.2+)
• Regular automated backups

4.2 Data Location

Primary data storage is in AWS eu-west-1 (Ireland), which is within the European Economic Area. This location provides GDPR-compliant data residency for EU customers.

4.3 Security Measures

We implement security measures including:

• Encryption of data at rest and in transit
• Access controls and role-based permissions
• Regular security assessments
• Monitoring and logging of access
• Employee security training

4.4 Data Retention

During Active Subscription:

• Account information: Retained while your account is active
• Test definitions and configurations: Retained while your subscription is active
• Test artifacts: Retained according to your plan (30-90 days)
• Usage data: Retained for analytics purposes

After Subscription Ends:

• Customer Data (tests, configurations, secrets, artifacts): Retained for 90 days to allow export, then permanently deleted from our systems (Amazon RDS, S3, and Secrets Manager). May be deleted on demand upon request
• Account information (name, email): Deleted when your account is deleted. We do not retain personal information after account deletion
• Payment and billing data: We do not store payment card information. Our payment processor (Lemon Squeezy) may retain billing records for longer in accordance with their privacy policy and applicable legal obligations
• Aggregated analytics: Retained indefinitely in anonymized form

4.5 Data Breach Notification

In the event of a security breach affecting your personal data or Customer Data, we will notify affected users within seventy-two (72) hours of becoming aware of the incident. Notification will include the nature and scope of the breach, the data affected, steps we are taking to address it, and recommendations for protective measures you can take. Where required by law, we will also notify the relevant supervisory authority.

5. Your Rights and Choices

5.1 Access and Portability

You have the right to:

• Access your personal information and Customer Data
• Export your tests in standard Playwright format
• Download test artifacts and execution history
• Request a copy of personal data we hold about you

5.2 Correction

You can update your account information at any time through the Service. Contact us if you need to correct other personal information.

5.3 Deletion

You have the right to request deletion of your personal information and Customer Data. To request deletion:

• Delete your account through the Service settings, or
• Contact us at support@smoothdeploy.com

Note that we may retain certain information as required by law or for legitimate business purposes.

5.4 Objection and Restriction

You have the right to:

• Object to processing of your personal information
• Request restriction of processing in certain circumstances
• Opt out of marketing communications

5.5 Data Portability

You can export your Customer Data at any time. Tests are stored in standard Playwright code format that can be used independently of our Service.

5.6 Exercising Your Rights

To exercise any of these rights, contact us at support@smoothdeploy.com. We will respond within 30 days. We may ask you to verify your identity before processing your request.

6. International Data Transfers

6.1 Data Location

Our primary data processing occurs in the European Union (AWS eu-west-1, Ireland). Some service providers may process data in other locations.

6.2 Transfer Safeguards

When personal data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses (SCCs)
• Adequacy decisions by the European Commission
• Certification under recognized frameworks

6.3 EU-U.S. Data Transfers

For transfers to the United States, we rely on Standard Contractual Clauses and service provider commitments to data protection.

7. Cookies and Tracking Technologies

7.1 Essential Cookies

We use essential cookies to:

• Maintain your session and authentication
• Remember your preferences
• Ensure security

7.2 Analytics

We use PostHog to collect analytics data. This helps us understand how the Service is used and improve it. You can opt out of analytics tracking in your account settings.

7.3 Third-Party Cookies

Our Service may include cookies from third-party services like Crisp (chat support). These are subject to those services' privacy policies.

7.4 Your Choices

You can opt out of analytics tracking in your account settings. Since the Service requires authentication, your use of the Service constitutes acceptance of the cookies described in this section as part of the Terms of Service you agreed to at signup.

8. Children's Privacy

The Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children. If we learn we have collected information from a child, we will delete it promptly.

9. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy on our website
• Sending an email to your registered address
• Displaying a notice in the Service

Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

11. Legal Basis for Processing (GDPR)

For users in the European Economic Area, we process personal data based on the following legal grounds:

Contract Performance

• Account creation and management
• Providing the Service
• Processing payments

Legitimate Interests

• Improving and developing the Service
• Security and fraud prevention
• Customer support

Legal Obligation

• Tax and accounting requirements
• Responding to legal requests

Consent

• Marketing communications
• Optional analytics

12. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects on you. Analytics data is used only in aggregate for service improvement and is not used to make decisions about individual users.

13. Data Protection Contact

For privacy inquiries, you may contact our designated privacy contact at:

Email: support@smoothdeploy.com

14. Supervisory Authority

If you are in the European Economic Area and believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection supervisory authority.

15. Israeli Privacy Law

As a company based in Israel, we comply with the Privacy Protection Law, 5741-1981 and its regulations. The Israeli Privacy Protection Authority (PPA) oversees data protection compliance in Israel. For inquiries under Israeli privacy law, contact us at support@smoothdeploy.com.

16. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to know what personal information we collect
• Right to delete personal information
• Right to correct inaccurate personal information
• Right to opt out of sale of personal information (we do not sell personal information)
• Right to limit use and disclosure of sensitive personal information
• Right to non-discrimination for exercising your rights

Do Not Track: We do not currently respond to Do Not Track (DNT) browser signals. You can opt out of analytics tracking in your account settings.

To exercise these rights, contact us at support@smoothdeploy.com.

17. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us at:

Smooth Deploy Beer Sheva, Israel Email: support@smoothdeploy.com

For general inquiries: support@smoothdeploy.com

By using Smooth Deploy, you acknowledge that you have read and understood this Privacy Policy.