Privacy Policy

Last updated: April 14, 2026

1. Introduction

Release Assurance ("we," "our," or "us") operates the releaseassurance.com website and the Release Assurance platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.

2. Information We Collect

Information You Provide

• Account information: name, email address, company name, and job title when you create an account or request a demo.
• Communication data: messages, feedback, and support requests you send to us.
• Booking data: scheduling information when you book a demo or walkthrough.

Information Collected Automatically

• Usage data: pages visited, features used, and actions taken within the platform.
• Device data: browser type, operating system, and IP address.
• Cookies: an HttpOnly, Secure session cookie for authentication. This cookie cannot be accessed by client-side scripts and is transmitted only over encrypted connections.

Salesforce Data

When you connect a Salesforce org, we access it through secure OAuth with the minimum permissions required. Test executions interact with your org in real time and we do not copy or store your Salesforce business records (accounts, contacts, opportunities, etc.).

However, each test execution may generate verification artifacts — screenshots, HTML reports, and video recordings of the browser session — that could incidentally contain Salesforce data visible on screen at the time of capture. These artifacts are:

• Stored in encrypted cloud storage on Google Cloud Platform (encrypted at rest with Google-managed keys).
• Accessible only to authenticated users within your tenant.
• Automatically deleted after your plan's configured retention period (default: 7 days).
• Subject to a maximum 90-day cloud storage lifecycle policy as a safety net, ensuring all objects are permanently removed even if the primary cleanup process encounters a failure.

3. How We Use Your Information

• To provide, maintain, and improve our services.
• To communicate with you about your account, requests, and service updates.
• To send morning briefing emails and notification preferences you've opted into.
• To monitor platform reliability and detect issues.
• To comply with legal obligations.

4. How We Share Your Information

We do not sell your personal information. We may share information with:

• Service providers: cloud infrastructure (Google Cloud Platform), email delivery (Resend), and scheduling (Cal.com) — only as necessary to operate the service.
• Legal requirements: when required by law, regulation, or legal process.

5. Data Security

We use industry-standard security measures including encryption in transit (TLS), encryption at rest, and access controls. Our infrastructure runs on Google Cloud Platform with enterprise-grade security. Authentication uses Firebase Identity Platform with magic link and multi-factor authentication support. For our full security posture — session handling, tenant isolation, upload validation, monitoring, subprocessors, and incident response — see our Security page.

6. Data Retention

We retain your account information for as long as your account is active. Test run metadata (pass/fail status, timestamps, duration) is retained according to your plan's retention settings (default: 7 days). Verification artifacts (screenshots, reports, and video recordings) follow the same retention schedule and are automatically deleted. A cloud storage lifecycle policy ensures all artifacts are permanently removed within 90 days under all circumstances, even in the event of a cleanup failure. You may request deletion of your data at any time by contacting us.

7. Your Rights

Depending on your location, you may have the right to:

• Access the personal information we hold about you.
• Request correction of inaccurate information.
• Request deletion of your information.
• Opt out of marketing communications.
• Export your data in a portable format.

8. Cookies

We use a single essential cookie (ra_session) for authentication and session management. This cookie is HttpOnly (inaccessible to JavaScript), Secure (transmitted only over HTTPS), and uses the SameSite=Lax attribute to prevent cross-site request forgery. We do not use third-party tracking or advertising cookies. The Cal.com scheduling widget on our contact page may set its own cookies, governed by Cal.com's Privacy Policy.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date.

10. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at info@ReleaseAssurance.com.