← Back to WinQA
Case File

Privacy Policy

Last updated: March 31, 2026

1Overview

WinQA (“we,” “our,” or “the platform”) is an AI testing playground for developers and QA professionals. This Privacy Policy explains how we collect, use, store, and protect your information when you use our platform at winqa.ai.

2Information We Collect

Account Information

We use Clerk for authentication. When you sign up, Clerk collects your email address and authentication credentials. We do not store passwords directly — Clerk handles all authentication securely.

API Keys

If you provide API keys for AI providers (Cohere, Google Gemini, Groq, OpenRouter), they are encrypted using AES-256-GCM before storage. Keys are only decrypted server-side when making requests to AI providers on your behalf and are never logged or exposed in plaintext.

User-Generated Content

Content you create on the platform — prompts, test cases, bug reports, insights, battle results, and code snippets — is stored in our MongoDB database and associated with your user account.

Usage Analytics

We use Vercel Analytics to collect anonymous, aggregated usage data such as page views and performance metrics. This data does not personally identify you.

3How We Use Your Information

  • To provide and maintain the WinQA platform and its features
  • To authenticate your identity and secure your account
  • To make API calls to AI providers using your encrypted keys
  • To store and display your testing data (prompts, bugs, test cases, insights)
  • To improve platform performance and user experience

4Data Storage & Security

Your data is stored in MongoDB and secured with the following measures:

  • API keys are encrypted at rest using AES-256-GCM with unique initialization vectors
  • All connections use HTTPS/TLS encryption in transit
  • Authentication is handled by Clerk with industry-standard security practices
  • Access to data is restricted to authenticated users viewing their own content

5Data Sharing

We do not sell your data.

We do not sell, rent, or trade your personal information or content to third parties. Your data is shared only with the following service providers necessary to operate the platform:

  • Clerk — Authentication and user management
  • MongoDB Atlas — Database hosting
  • Vercel — Hosting and analytics
  • AI Providers — Your prompts are sent to the AI providers you select (Cohere, Google, Groq, OpenRouter) to generate responses. Refer to each provider's privacy policy for their data handling practices.

6Cookies

WinQA uses essential cookies for authentication (managed by Clerk) and session management. We use Vercel Analytics which may set anonymous performance cookies. We do not use advertising or tracking cookies.

7Your Rights

You have the right to:

  • Access, update, or delete your account and associated data
  • Remove your API keys from the platform at any time via Settings
  • Delete any content you have created (prompts, bugs, test cases, insights)
  • Request a complete export or deletion of your data by contacting us

8Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated “Last updated” date. Your continued use of WinQA after changes constitutes acceptance of the updated policy.

9Contact

For questions about this Privacy Policy or your data, please open an issue on our GitHub repository.

winqa.aiTerms of Service →