Effective Date: October 20, 2020
Last Updated: December 2, 2024
Rainforest QA (“Rainforest”) understands and respects our users’ need for privacy. This Privacy Notice (“Notice”) describes the types of information we collect, the purposes for which it is used, and the choices you have with respect to its use.
This Notice applies to personal information we collect when you use our Rainforest QA (“Rainforest”) Platform, and the Rainforest website (collectively “Services”). “Personal information” refers to any information that identifies or may potentially identify an individual. This includes your name, email, address, phone number, and other non-public information that is associated with such information. This does not include aggregated or anonymized information. We encourage you to read this Notice in full to understand our privacy practices before using our Services. You can contact us with questions about our privacy practices at privacy@rainforestqa.com.
Rainforest QA is an on-demand Quality Assurance (“QA”) service that provides modern testing for web and mobile apps. Rainforest combines a crowd of human testers (“Tester” or “Testers”) with algorithmic management and virtual machines (“VMs”) to execute web and mobile regression testing for continuous deployment. For more information about our Services, check out the “Features“ section on our website.
This Privacy Notice is organized in the following sections:
This Notice broadly describes Rainforest’s privacy practices. Some jurisdictions may place additional restrictions on how we process personal information about you and our practices in those jurisdictions may be more restrictive than those described in this Notice.
If you are located in:
This Privacy Notice does not apply to:
We collect the following information through your use of our Services, and otherwise, with your consent. In some cases, we receive information directly from you, such as your name, the company you work for, and your work email address when you sign up for our Services. We also receive information directly from you when you send us an email inquiry, or when you set up an account as a Tester. In other cases, we receive information through your use of our Services, or through your work as a Tester.
To learn about your information collection choices and to opt-out of data collection, see the “Your Choices” section below.
We also collect information about you from other sources, including:
We share information we collect about you in the ways discussed below. We do not sell information about you to advertisers or other third parties.
Sharing with other users of our Services - When you use our Services, we may share certain information about you with other users:
Sharing with third parties – We share information about you with third parties only as described below:
We use collected information to:
Some of the collected information is necessary for us to deliver our Services to you. If you do not provide this information, we will not be able to deliver our Services to you.
Where appropriate or legally required, we will describe how we use personal information collected, so you can make choices about how your data is used. You can notify us of your preferences during the information collection process and change your selection at any time by contacting us directly.
We use cookies to collect your personal and other information as you navigate our Services. Cookies help make interactions with our Services easier and faster for our users. For more information about how we use cookies and to learn how to manage cookies and other tracking technologies, see our Cookie Notice.
You may have certain rights in connection with the personal information we obtain about you. To update your preferences, correct your information, limit the communications you receive from us, or submit a request to exercise your rights, please contact us at privacy@rainforestqa.com.
As required by law, you may have the right to:
Where our Services are administered for you by an administrator (such as your employer or organization), you may need to first contact your administrator to assist with your requests. For all other requests, you can contact us as provided in the “Contact Us” section below.
In some circumstances you can withdraw consent you previously provided to us or object to the processing of your personal information, and we will apply your preferences moving forward.
To help protect your privacy and maintain security, we may take steps to verify your identity before granting you access to your information. For example, we may request that you submit your request by logging into your Rainforest account to confirm your identity.
We may also decline your access request, but if we do, we will provide an explanation for our decision. Your request and choices may be limited in certain cases: for example, if fulfilling your request would reveal information about another person, or if you ask to delete information that we or your administrator are permitted by law to retain. If you have unresolved concerns, you may have the right to complain to a data protection authority in the country where you live, where you work, or where you feel your rights were infringed.
We use data hosting service providers in the United States to host the information we collect from you, and we use technical measures to secure your information. We may transfer the personal information we obtain about you to other countries, which may have different data protection laws than the country in which you initially provided the information. To the extent required by applicable law, we will take measures to protect the cross-border transfer of your information.
If you are located outside the US, by submitting personal information to us, you understand that this information will be transferred to Rainforest in the US, which may not have equivalent privacy and data protection laws to the country in which you reside. If you do not want your personal information transferred to the US, please do not submit any information to us or use our Services. In the event that we transfer information about EU citizens outside the EEA, we make use of European Commission-approved standard contractual data protection clauses or other appropriate legal mechanisms to safeguard the transfer.
The period for which we keep your information depends on the type of information, as described in further detail below. We will either delete or anonymize your information or, if this is not immediately feasible (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from further use until we can delete your data.
We use reasonable and appropriate physical, technical, and administrative safeguards to protect your information from unauthorized use, access, loss, misuse, alteration, or destruction. We also require that third-party service providers acting on our behalf or with whom we share your information also provide appropriate security measures in accordance with industry standards.
Notwithstanding our security safeguards, it is impossible to guarantee absolute security in all situations. If you have any questions about security of our Services, please contact us at privacy@rainforestqa.com.
Our Services are not directed to children under the age of 13, and we do not knowingly collect information from children under the age of 13.
Certain third-party services, websites, or applications you use, or navigate to and from our Services, may have separate user terms and privacy policies that are independent of this Notice. This includes, for example, websites owned and operated by our customers or partners. We are not responsible for the privacy practices of these third-party services or applications. We recommend carefully reviewing the user terms and privacy statement of each third-party service, website, and/or application prior to use.
We periodically update this Notice to describe new features, products, or services, and how those changes affect our use of your information. If we make material changes to this Notice, we will provide notification through our services and/or notify you directly. We encourage you to review this Notice for updates each time you use our Services.
If you have questions about this Notice or our information handling practices, please contact us at privacy@rainforestqa.com.
Additional provisions applicable to processing personal information of individuals based in the EEA and UK.
This Appendix A (“Appendix”) applies to individuals based in the European Economic Area (“EEA”) or the United Kingdom (“UK”) and outlines your rights and choices regarding the processing of personal information we have about you under the General Data Protection Regulation (“GDPR”). This Appendix controls to the extent it conflicts with any provision in the main body of the Notice. Capitalized terms used in this Appendix are defined in our Notice.
We process personal information about you for the purposes set out above in “Information We Collect and Receive About You” and “How We Use Your Information.” We collect and process personal information about you only where we have a legal basis for doing so under applicable data protection laws. Our legal bases include processing personal information under:
Your consent - Where appropriate or legally required, we collect and use information about you subject to your consent.
Performance of contract - We collect and use information about you to contract with you or to perform a contract that you have with us.
Legitimate interests - We collect and use information about you for our legitimate interests to improve our Services, deliver content, optimize your experience, and market our Services.
Compliance with laws - We may also collect and use information about you:
When you use our Services and provide personal information to us, we store this information in the United States (“US”), where Rainforest headquarters and IT systems (including servers) are located.
We also transfer personal information we have about you to third parties as described in the “How We Share Your Information” section above. These third parties may be located outside of the EEA. In circumstances that require us to transfer your information to third parties outside the EEA, we will only transfer such information where we have adequate measures in place to provide appropriate safeguards such as Model Clauses (standard contractual clauses produced by the EU Commission).
Although the data protection laws of various countries may differ from those in your own country, we take appropriate steps to ensure that your personal information is handled as described in this Notice and under the law.
The GDPR grants EU citizens and residents certain rights in connection with the personal information collected, as described below.
Right of Access - You have the right to request access and receive certain information about how we use personal information about you and who we share it with.
Right to Rectification - You have the right to request correction of personal information we hold about you where it is inaccurate or incomplete.
Right to Data Portability - You have the right to request a copy of data we hold about you in a structured, machine readable format, and to ask us to share this information with another entity.
Right to Erasure - You have the right to request deletion of the personal information we hold about you:
Right to Restriction of Processing - You have the right to ask us to restrict (stop any active) processing of your personal information:
Right to Object - You can object to our processing of your personal information based on our legitimate interests. We will no longer process your personal information unless we can demonstrate an overriding legitimate purpose.
Objection to Marketing and Profiling - You have the right to object to our processing of personal information for marketing communications. We will stop processing the data for that purpose. Rainforest does not share personal information with third parties for marketing and does not engage in any automated profiling for its Services outlined in this Notice.
Withdrawal of Consent - Where you have provided your consent for us to process your personal information, you can withdraw your consent at any time by emailing privacy@rainforestqa.com.
Please note that before we respond to requests for information, we will require that you verify your identity, or the identity of any data subject for whom you are requesting information.
To exercise these rights above, please contact us as noted in the “Our Contact Information” section in this Appendix.
We will fulfill your request within 30 days of receiving your request. Please note that the above rights may be limited in the following situations:
If you have questions about this Notice, Appendix, or your rights, please contact us at: privacy@rainforestqa.com.
Additional provisions applicable to processing personal information of California residents.
This Appendix B (“Appendix”) applies to California residents and outlines your rights and choices with respect to the processing of personal information we have about you under the California Consumer Privacy Act (“CCPA”). This Appendix controls to the extent it conflicts with any provision in the main body of the Notice. Capitalized terms used in this Appendix are defined in our Notice.
Please see the “Information We Collect and Receive About You” and “How We Use Your Information” sections in our Privacy Notice to learn more about the personal information we collect and use. We collect the following categories of information as classified under the CCPA:
Personal information does not include publicly available information. For purposes of this paragraph, “publicly available” means information that is lawfully made available from federal, state, or local government records. “Publicly available” does not mean biometric information collected by a business about a consumer without the consumer’s knowledge.
The CCPA grants California consumers certain rights in connection with the personal information collected, as described below.
Rainforest does not sell any personal information to third parties. We share the following categories of information as classified under the CCPA with service providers such as suppliers, vendors, business partners, and consultants in order to operate our business and provide you with our Services:
Please see the “How We Share Your Information” section in our Notice for additional details on how we disclose your personal information with selected recipients for specific purposes.
If you wish to exercise any of the above rights, contact us at privacy@rainforestqa.com or review the “Our Contact Information” section in this Appendix. You may also authorize an individual to submit a verifiable consumer request relating to your personal information.
We will verify your request using the information associated with your account, including email address. Government identification may be required. We cannot respond to your request if we cannot verify your identity and/or authority to make the request on behalf of another and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us.
If you wish to use an authorized agent to submit a request to opt-out on your behalf, you must provide the authorized agent written permission signed by you, the consumer. We may deny a request from an authorized agent if the agent cannot provide to Rainforest your signed permission demonstrating that they have been authorized to act on your behalf.
We will fulfill your request within 45 days of receiving your request. Please note that your request may be limited in certain cases, for example if complying with your request would conflict with:
If you have questions about this Notice, Appendix, or your rights, please contact us at privacy@rainforestqa.com.
Rainforest recognizes the importance of security researchers in helping keep our customers safe. We encourage responsible disclosure of security vulnerabilities as described on this page.
Responsible disclosure includes:
Attribution on our Hall of Fame hosted in this page.
Monetary compensation is not currently offered under this program.
Rainforest reserves the right to decide if the minimum severity threshold has been met and whether it was previously reported.
In general, anything which has the potential for financial loss or data breach is of sufficient severity, including:
In general, the following would not meet the threshold for severity:
For example, “Your servers are vulnerable to Heartbleed” (with reasonable proof) will absolutely get you listed here, but “Your servers don’t get an A+ rating on SSL Labs” will definitely not. Don’t expect a response for any reported issues that don’t fit with the guidelines.
Disclose a vulnerability via email
Please include if possible: