Overview
Shuddhi QA (shuddhiqacloud.pages.dev) is an AI-powered QA test case generator built and maintained by Ramya, Senior QA Engineer, Bengaluru, India. This privacy policy explains what data is collected, how it is used, and your rights regarding that data.
Data We Collect
Shuddhi QA collects the minimum data required to function:
| Data | Where stored | Purpose | Sent to server? |
|---|---|---|---|
| AI provider preference | Browser localStorage | Remember your selected provider | No |
| Personal API keys (Claude, Gemini, Groq) | Browser localStorage | Passed directly to AI provider APIs | Only to respective AI provider |
| ADO/Jira credentials | Browser localStorage | Connect to your Azure DevOps or Jira | Only to ADO/Jira via proxy |
| Usage statistics (token counts, cost estimates) | Browser localStorage | Usage & Cost panel display | No |
| Session history (last 20 generations) | Browser localStorage | Reload recent test cases | No |
| Google OAuth access token | Browser sessionStorage only | Read Google Cloud billing info | Proxied to Google Cloud API |
| Google billing account ID | Browser localStorage | Remember selected billing account | No |
localStorage and sessionStorage — standard browser storage that is never shared across sites and is fully under your control.
Google OAuth & Billing Data
Shuddhi QA offers an optional Google Cloud Billing sync feature that uses Google OAuth 2.0 to display your billing account details directly inside the app.
- Scope requested:
cloud-billing.readonly— read-only access to your own Google Cloud billing account information only. - What we read: Billing account name, account ID, status, linked project, budget caps, and spending information (if available via the API).
- What we do NOT read: Gmail, Google Drive, Google Calendar, contacts, or any other Google service data.
- Token storage: The OAuth access token is stored only in
sessionStorage— it is automatically deleted when you close the browser tab. It is never written tolocalStorage, cookies, or any server. - Server handling: The access token is passed to our Cloudflare Pages proxy solely to forward requests to the Google Cloud Billing API. It is never logged, stored, or retained by our proxy.
- Data retention: Billing account ID is stored in
localStoragefor convenience (to remember your last-selected account). No billing financial data is ever stored locally or on servers.
How to revoke access: Click the Disconnect button inside Settings → Usage & Cost at any time. You can also revoke access from your Google Account permissions page.
AI Provider Data Processing
When you generate test cases, your requirement text and uploaded documents are sent to the selected AI provider. Each provider processes this data under their own privacy policy:
| Provider | Privacy Policy | Data region |
|---|---|---|
| 🤖 Anthropic (Claude) | anthropic.com/privacy | United States |
| ✦ Google (Gemini) | policies.google.com/privacy | United States |
| ⚡ Groq (Llama) | groq.com/privacy-policy | United States |
localStorage and are never logged or stored on Shuddhi QA's servers.
Third-Party Services
Shuddhi QA integrates with the following external services when configured by you:
- Azure DevOps — Test plan push uses your Personal Access Token, stored in browser localStorage and forwarded via our proxy to
dev.azure.com. - Jira — Ticket fetch uses your API token, stored in browser localStorage and forwarded via our proxy to your Jira instance URL.
- Google Fonts — Fonts (Cormorant Garamond, DM Sans, JetBrains Mono) are loaded from
fonts.googleapis.com. Google may log the font request IP address. - Exchange Rate APIs — USD→INR rate is fetched from
exchangerate-api.comandopen.er-api.comfor cost display. No personal data is sent.
No analytics services, advertising networks, or social media trackers are used on Shuddhi QA.
Data Retention & Deletion
- localStorage data — Persists until you clear your browser data, or click Reset all data inside Settings → Usage & Cost.
- sessionStorage data — Deleted automatically when you close the browser tab.
- Server logs — Cloudflare Pages may retain standard server logs (IP address, request path, timestamp) for up to 30 days as per Cloudflare's Privacy Policy. No request body content is logged.
- Generated test cases — Stored only in your browser's localStorage (last 20 sessions). Never on our servers.
Your Rights
Since all data is stored locally in your browser, you have full control at all times:
- Access: Open your browser's DevTools → Application → Local Storage to see all stored data.
- Delete: Click Reset all data in Settings → Usage & Cost, or clear browser data for this site.
- Revoke Google access: Click Disconnect in Settings → Usage & Cost, or visit myaccount.google.com/permissions.
- Data portability: Export your usage data as CSV from Settings → Usage & Cost → Download CSV.
Security
- All network traffic uses HTTPS/TLS encryption.
- API proxy endpoints validate request origins and reject cross-origin requests from non-whitelisted domains.
- OAuth tokens are never written to persistent storage or server-side logs.
- The application is deployed on Cloudflare Pages with DDoS protection and WAF.
- No user accounts or passwords — nothing to breach.
Changes to This Policy
If this privacy policy changes materially, the updated date at the top of this page will be updated. Since Shuddhi QA does not collect email addresses, we cannot notify users directly — please check this page periodically if you have concerns.
Continued use of Shuddhi QA after policy changes constitutes acceptance of the updated policy.
Contact
For privacy questions, data requests, or concerns: