Privacy Policy

Last updated: June 2026

This policy explains what Release Assurance ("we") collects and how we handle it as a managed Salesforce regression-testing service. For the technical security posture, see our Trust & Security page.

1. What we collect

• Account data — names and work emails of your authorized users.
• Connection data — the Salesforce sandbox endpoint and the credentials/keys needed to run verification as your least-privilege automation user.
• Verification artifacts — screenshots, video, and run timelines produced during a run, which may incidentally capture on-screen Salesforce data.
• Operational logs — per-request, per-tenant logs used to operate and secure the service.

2. How we use it

Solely to deliver the service: authoring and running verification, detecting and reporting failures, maintaining coverage, and supporting your account. We do not sell your data or use it to train third-party models.

3. Retention

Verification artifacts are retained for your plan's window (7-day default) and deleted automatically, with a 90-day hard ceiling enforced by storage lifecycle policy. Salesforce access tokens are held in memory only and never written to disk. See the retention table on our Trust page.

4. Subprocessors

We use Google Cloud (infrastructure), Resend (transactional email), Cal.com (demo scheduling only), and Sentry (error tracking, when enabled). Each is bound by its own data-processing commitments. A current list is on the Trust page.

5. Your rights & the DPA

You retain all rights to your Salesforce data. On request we provide a GDPR-aligned Data Processing Agreement, and on termination we revoke access and purge your data and artifacts. Email dpa@releaseassurance.com.

6. Contact

Questions about privacy or security: security@releaseassurance.com.