We use cookies to enhance your experience and analyze our traffic. Privacy Policy

Skip links
Download GTP App
scroll
Login
[wpml_language_selector_widget]
Start Free Trial
Go Test Pro
GoTestPro

Privacy Policy

This Privacy Policy outlines how GoTestPro (“GoTestPro”, “we”, “us”, or “our”), including its affiliated entities and subsidiaries, collects, uses, stores, and discloses personal data in relation to its websites, products, and services. This Policy reflects global best practices in data protection and privacy, including compliance with applicable regulations and applicable Law(s).

Scope and Applicability

This Privacy Policy applies to personal data collected by GoTestPro in the context of:
  • Access to our websites and SaaS platform.
  • Use of our testing automation services.
  • Interactions via APIs, integrations (e.g., with ServiceNow, Jira, Google Workspace), support portals, or events.
  • Marketing and business development activities.
This Policy does not apply to personal data processed by customers via GoTestPro as part of their own testing data or use cases. In such cases, the customer acts as the data controller, and GoTestPro acts as a data processor.

Data Controller and Contact

For the purposes of this Policy, GoTestPro is the data controller for all personal data it collects directly. For data processed on behalf of clients through our platform, we operate as a data processor.

Our designated Data Protection Officer (DPO) is:

Name: Wasey Ameen
Email: Noc@royalcyber.com

Types of Personal Data Collected

Depending on how you interact with GoTestPro, we may collect the following personal data:

Direct Collection

  • Name, job title, company name
  • Business contact details (email, phone number)
  • Account credentials and authentication data
  • Communication preferences

Automated Collection

  • IP address and device identifiers
  • Browser type and OS information
  • Session logs and diagnostic data
  • Geolocation data (approximate)
  • Platform usage metrics and clickstream data

Third-Party Sources

We may also receive data from:
  • Authorized resellers, partners, or event registrations
  • Integrated services (e.g., Google)
  • Public sources (e.g., LinkedIn)

Legal Basis for Processing

We process your personal data under the following legal bases:
  • Contractual necessity: To provide access to our services or perform obligations under a contract.
  • Legitimate interests: For platform security, usage analytics, and improving services.
  • Consent: Where required, especially for marketing communications.
  • Legal obligation: Where processing is necessary for compliance with legal or regulatory requirements.

Purpose of Data Use

We use personal data for the following purposes:
  • Provision and administration of user accounts
  • Enabling access to the GoTestPro platform and integrations
  • Managing subscriptions, billing, and customer relationships
  • Delivering technical support and resolving service issues
  • Communicating platform updates, features, and releases
  • Conducting analytics and usage trend analysis
  • Marketing, event invitations, and lead nurturing (where permitted)
  • Security monitoring and fraud prevention
  • Compliance with legal, tax, and audit obligations

Data Sharing and Disclosures

We do not sell or rent personal data.
We may disclose personal data to:
  • Trusted service providers (e.g., hosting, email, CRM, analytics)
  • Third-party platforms (e.g., Google, ServiceNow) only where explicitly authorized
  • Affiliated companies under common ownership
  • Regulatory bodies or courts where legally required
All vendors and processors are bound by data processing agreements consistent with GDPR, CCPA, and industry certifications (e.g., ISO 27001).

Cross-Border Data Transfers

Data may be transferred to jurisdictions outside your country of residence, including the United States, the European Union, or other countries in which we or our service providers operate. In such cases, transfers are safeguarded through mechanisms such as:
  • Standard Contractual Clauses (SCCs)
  • Data transfer agreements
  • Privacy Shield (where applicable)

Data Security

GoTestPro implements robust technical and organizational measures to ensure data confidentiality, integrity, and availability, including:
  • Encryption in transit and at rest
  • Role-based access controls
  • Activity logging and monitoring
  • Incident response and disaster recovery plans
We maintain compliance with applicable information security standards and conduct regular internal and third-party audits.
Users are responsible for protecting their credentials and ensuring secure use of their integrations and sessions.

Data Retention

We retain personal data only as long as necessary to:
  • Provide the contracted services
  • Fulfill legal or regulatory obligations
  • Resolve disputes or enforce agreements
Business and account-related data is generally retained for up to 7 years, while marketing data is retained for a maximum of 24 months unless consent is withdrawn earlier.

Your Rights

Subject to applicable law (e.g., GDPR, CCPA, LGPD), you may have the following rights:
  • Access – Obtain a copy of the data we hold about you.
  • Rectification – Request correction of inaccurate or incomplete data.
  • Erasure – Request deletion of your personal data.
  • Restriction – Request limited processing in certain circumstances.
  • Portability – Request transfer of your data in a usable format.
  • Objection – Object to processing for marketing or profiling.
  • Withdrawal of Consent – Withdraw your consent where applicable.
To exercise your rights, contact our DPO at Noc@royalcyber.com

CCPA and GDPR Compliance Practices

GoTestPro is fully committed to protecting personal data and ensuring compliance with all applicable data privacy regulations, including the California Consumer Privacy Act (CCPA) and the European Union General Data Protection Regulation (GDPR). In line with these regulatory frameworks, we have implemented comprehensive technical and organizational controls to uphold the core principles of data minimization, transparency, accountability, and user empowerment.
The following practices are actively maintained to ensure compliance:

Data Subject Access Requests (DSARs)

We have formal procedures in place to respond to requests from individuals regarding their personal data. This includes:
  • Confirming whether we process an individual’s data.
  • Providing access to personal data upon request.
  • Correcting inaccurate information.
  • Deleting data under the “right to be forgotten” as per GDPR or upon valid deletion requests under CCPA.

Consent and Opt-Out Management

Users are given clear choices regarding the use of their personal information. Our systems enable:
  • Collection of affirmative opt-in consent (GDPR).
  • Opt-out options for data sale/sharing and targeted advertising (CCPA).
  • Consent logs are maintained to demonstrate compliance.

Records of Processing Activities (ROPA)

GoTestPro maintains detailed documentation of its processing activities as required under Article 30 of the GDPR. These records include:
  • Categories of personal data processed.
  • Purpose of processing.
  • Third-party recipients (if any).
  • Cross-border data transfer mechanisms.

Transparent Privacy Notices

Our privacy policies are regularly updated and made accessible to users. These notices:
  • Clearly state the categories of personal data collected.
  • Explain processing purposes, retention periods, and data sharing.

Third-Party & Vendor Risk Management (TPRM/VRM)

GoTestPro, under the data protection governance framework of its parent company Royal Cyber Inc., implements a rigorous Third-Party and Vendor Risk Management (TPRM) program. This program ensures that vendors, suppliers, contractors, and partners meet the highest standards of privacy, security, and regulatory compliance.
The core elements of our TPRM/VRM program include:

Risk-Based Vendor Classification

All third parties are categorized based on the nature of services provided and the sensitivity of the data they may access or process. Higher-risk vendors undergo enhanced due diligence and controls.

Onboarding and Security Assessments

Prior to engagement, each vendor must undergo:
  • Privacy and security assessments.
  • Review of technical safeguards (e.g., encryption, access controls).
  • Validation of certifications (e.g., ISO 27001, SOC 2).

Ongoing Monitoring & Compliance Reassessment

  • Vendors are reviewed on a regular basis to ensure continued compliance.
  • Data processors are subject to audits, and their performance is tracked against KPIs and SLA terms.
  • Breaches or policy violations may result in contractual penalties or termination.

Documented Security & Privacy Obligations

Vendor contracts explicitly include:
  • Confidentiality clauses.
  • Data protection obligations in line with GDPR Art. 28 and CCPA Sec. 1798.140.
  • Breach notification timelines and cooperation requirements.

Non-Disclosure Agreement (NDA)

Every vendor is required to sign a standard Vendor/Supplier NDA that defines:
  • Their responsibilities for safeguarding GoTestPro’s proprietary and customer data.
  • Restrictions on data usage, access, and disclosure.
  • Post-termination obligations regarding return or destruction of data.
This proactive TPRM approach allows GoTestPro to minimize third-party risks, uphold contractual accountability, and ensure that vendor ecosystems are aligned with our legal, ethical, and information security standards.

Changes to This Privacy Policy

This Policy may be updated periodically to reflect changes in legal requirements, our services, or data processing practices. All updates will be published on our website, with a revised effective date. You are encouraged to review this Policy regularly.

Contact Us

If you have any questions, requests, or concerns regarding this Privacy Policy or our data practices, please contact:
Data Protection Officer
Wasey Ameen
Email: Noc@royalcyber.com