> ## Documentation Index
> Fetch the complete documentation index at: https://docs.testdino.com/llms.txt
> Use this file to discover all available pages before exploring further.

# TestDino Access to Customer Data

> Full breakdown of data categories TestDino collects during test execution, account registration, and product usage. Understand what is stored and why.

TestDino collects data for test execution management, result analytics, CI/CD integration, and platform administration. This page lists every data category.

## Quick Reference

| Category                                              | Description                                    |
| :---------------------------------------------------- | :--------------------------------------------- |
| [Team & Administration](#team--administration)        | User profiles, authentication, account status  |
| [Organization Data](#organization-data)               | Org profiles, members, roles, invitations      |
| [Source Attribution](#source-attribution)             | UTM parameters, ad tracking, referrers         |
| [Test Results](#test-results)                         | Run metadata, test cases, steps, flaky tests   |
| [Artifacts](#artifacts)                               | Screenshots, videos, traces, logs              |
| [CI/CD Environment](#cicd-environment-data)           | Git, PR, pipeline, system, sharding metadata   |
| [Third-Party Integrations](#third-party-integrations) | GitHub, Jira, Linear, Asana, Slack, Monday.com |
| [Billing](#billing--subscription-data)                | Plans, usage, payments, invoices               |

***

## Team & Administration

Data collected during registration, authentication, and account management.

| Data Point                | Purpose                                                                   |
| :------------------------ | :------------------------------------------------------------------------ |
| Email address             | Account identification, login, notifications                              |
| First name, last name     | Display name across the platform                                          |
| Profile picture URL       | User avatar                                                               |
| Password                  | Authentication (bcrypt hashed, 12 salt rounds, never stored in plaintext) |
| Google OAuth ID           | SSO authentication via Google                                             |
| Auth provider             | Tracks authentication method: `email`, `google`, or `both`                |
| Last login timestamp      | Security auditing and session management                                  |
| Email verification status | Account verification compliance                                           |
| Terms accepted at         | GDPR: records when user accepted terms                                    |
| Policy version            | GDPR: records which privacy policy version was accepted                   |
| Access IP addresses       | Rate limiting, security monitoring, audit trails                          |
| Failed login attempts     | Account lockout (locks after 5 failed attempts for 30 minutes)            |

## Organization Data

| Data Point                     | Purpose                                                                        |
| :----------------------------- | :----------------------------------------------------------------------------- |
| Organization name, description | Identification                                                                 |
| Logo URL                       | Branding (stored in Azure Blob Storage)                                        |
| Website URL                    | Organization profile                                                           |
| Owner job role                 | Onboarding context                                                             |
| Industry                       | Onboarding context                                                             |
| Team size                      | Capacity planning (`1`, `2-10`, `11-50`, `51-100`, `101-250`, `250+`)          |
| Member list                    | Access control: user ID, role, invite timestamp, join timestamp                |
| Member roles                   | RBAC: `org_owner`, `org_admin`, `org_member`, `org_billing`, `org_viewer`      |
| Pending invites                | Email, role, invitation timestamp for unaccepted invitations                   |
| External member access         | Time-limited access for external collaborators (default 30 days, max 365 days) |
| Ownership transfer history     | Audit trail for ownership changes                                              |

## Source Attribution

Collected during registration for marketing attribution. Stored in the user profile.

| Data Point           | Purpose                                                                               |
| :------------------- | :------------------------------------------------------------------------------------ |
| UTM parameters       | `utm_source`, `utm_medium`, `utm_campaign`, `utm_term`, `utm_content`                 |
| Ad tracking IDs      | `gclid` (Google), `fbclid` (Facebook), `ad_group`, `keyword`, `placement`, `creative` |
| Referrer URL         | Traffic source attribution                                                            |
| Entry/exit path      | User journey tracking                                                                 |
| Session ID           | Attribution session correlation                                                       |
| Landing page variant | A/B test tracking                                                                     |
| Tracking version     | Attribution schema version for backward compatibility                                 |

## Test Results

Data collected when test runs are submitted via the TestDino reporter.

### Run-Level Data

| Data Point           | Purpose                                                                 |
| :------------------- | :---------------------------------------------------------------------- |
| Run counter          | Unique sequential identifier per project                                |
| Status               | `pending`, `running`, `completed`, `failed`, `cancelled`, `interrupted` |
| Start/end timestamps | Duration calculation and timeline display                               |
| Total duration       | Performance tracking                                                    |
| Test statistics      | Total, passed, failed, skipped, flaky, timed out, interrupted counts    |
| Total attempts       | Retry tracking                                                          |
| Custom tags          | User-defined categorization                                             |

### Test Case Data

| Data Point     | Purpose                                      |
| :------------- | :------------------------------------------- |
| Test title     | Identification                               |
| Test status    | Pass/fail/skip result                        |
| Duration       | Performance measurement                      |
| Attempts count | Retry tracking                               |
| File location  | Source file path, line number, column number |
| Tags           | User-defined categorization                  |

### Test Steps

| Data Point            | Purpose                                            |
| :-------------------- | :------------------------------------------------- |
| Step title            | Identification                                     |
| Step category         | `hook`, `fixture`, `pw:api`, `test.step`           |
| Duration              | Performance measurement                            |
| Location              | File path, line, column                            |
| Parent step reference | Nested step hierarchy                              |
| Error details         | Error message, stack trace, location, code snippet |
| Annotations           | Type and description metadata                      |

### Flaky Test Data

| Data Point                 | Purpose                                                                 |
| :------------------------- | :---------------------------------------------------------------------- |
| Flaky test identifiers     | Tests that failed then passed on retry                                  |
| Retry count before passing | Flakiness severity measurement                                          |
| Error categorization       | `assertion failure`, `element not found`, `timeout`, `network`, `other` |

## Artifacts

Test artifacts uploaded during execution.

| Artifact Type         | Storage                  | Purpose                            |
| :-------------------- | :----------------------- | :--------------------------------- |
| Screenshots           | Azure Blob Storage       | Visual test evidence and debugging |
| Video recordings      | Azure Blob Storage       | Test execution replay              |
| Playwright traces     | Azure Blob Storage       | Step-by-step execution debugging   |
| Console output / logs | Azure Blob Storage       | Runtime log inspection             |
| Inline attachments    | MongoDB (base64-encoded) | Small embedded test artifacts      |

Storage path format: `{projectId}/{testRunId}/{artifactType}/`

Access is controlled via time-limited SAS tokens (48-hour expiry) with least-privilege permissions.

## CI/CD Environment Data

Metadata collected from the CI/CD environment where tests run.

### Version Control (Git)

| Data Point              | Purpose                                          |
| :---------------------- | :----------------------------------------------- |
| Commit hash (SHA)       | Unique commit identification, indexed for lookup |
| Commit message          | Context for the change being tested              |
| Commit author name      | Attribution                                      |
| Commit author email     | Attribution                                      |
| Commit author ID        | GitHub user ID for deduplication                 |
| Commit timestamp        | Timeline tracking                                |
| Branch name             | Environment mapping, filtering                   |
| Repository name and URL | Source identification                            |

### Pull Request Data

| Data Point | Purpose                                                                                  |
| :--------- | :--------------------------------------------------------------------------------------- |
| PR ID      | Unique identification                                                                    |
| PR title   | Context display                                                                          |
| PR URL     | Link back to source                                                                      |
| PR status  | `open`, `draft`, `ready_for_review`, `changes_requested`, `approved`, `merged`, `closed` |

### CI Pipeline Data

| Data Point                | Purpose                                            |
| :------------------------ | :------------------------------------------------- |
| CI provider               | GitHub Actions, GitLab CI, Jenkins, CircleCI, etc. |
| Pipeline ID               | Unique pipeline identification                     |
| Pipeline name and URL     | Display and linking                                |
| Build number              | Build identification                               |
| Trigger type              | `manual`, `push`, `pull_request`, `scheduled`      |
| Environment name and type | `production`, `staging`, `dev` classification      |

### System Metadata

| Data Point          | Purpose                 |
| :------------------ | :---------------------- |
| Hostname            | Runner identification   |
| CPU count and model | Hardware profiling      |
| Memory              | Resource capacity       |
| Operating system    | Platform identification |
| Node.js version     | Runtime version         |
| Playwright version  | Framework version       |

### Test Framework Configuration

| Data Point                 | Purpose                                                      |
| :------------------------- | :----------------------------------------------------------- |
| Framework name and version | Compatibility tracking                                       |
| Config file path           | Project configuration reference                              |
| Root/test directories      | Project structure                                            |
| Timeout, retries, workers  | Execution settings                                           |
| Parallelization settings   | Concurrency configuration                                    |
| Browser settings           | Name, viewport, headless mode, trace/screenshot/video config |
| Project configurations     | Per-project overrides                                        |

### Sharding Metadata

| Data Point                  | Purpose                             |
| :-------------------------- | :---------------------------------- |
| Shard count                 | Total shards expected               |
| Received/completed shards   | Progress tracking                   |
| Per-shard status and timing | Individual shard monitoring         |
| Per-shard statistics        | Distributed test result aggregation |

## Third-Party Integrations

TestDino integrates with external services for CI/CD workflows, issue tracking, and notifications. Access is scoped to minimum required permissions.

### GitHub

| Access Scope           | Details                                                                                |
| :--------------------- | :------------------------------------------------------------------------------------- |
| Installation ID        | App installation identification                                                        |
| Repository access      | Repository ID, name, full name, privacy status                                         |
| PR comments            | Posts test result summaries on pull requests (configurable per branch)                 |
| Commit status comments | Posts status on commits (configurable)                                                 |
| CI checks              | Pass rate threshold (default 90%), mandatory tags, flaky handling (`strict`/`neutral`) |
| Push webhooks          | Receives push events (verified via `X-Hub-Signature-256`)                              |
| Repository data        | No source code access. Limited to metadata and status posting.                         |

### Jira

| Access Scope    | Details                                                             |
| :-------------- | :------------------------------------------------------------------ |
| Connection type | User-level personal API tokens                                      |
| Access          | Issue creation from test failures                                   |
| Data stored     | Access token, refresh token (encrypted), token expiry, workspace ID |

### Linear

| Access Scope    | Details                                               |
| :-------------- | :---------------------------------------------------- |
| Connection type | User-level personal tokens                            |
| Access          | Issue tracking from test failures                     |
| Data stored     | Access token, refresh token (encrypted), token expiry |

### Asana

| Access Scope    | Details                                               |
| :-------------- | :---------------------------------------------------- |
| Connection type | User-level personal tokens                            |
| Access          | Task creation from test failures                      |
| Data stored     | Access token, refresh token (encrypted), token expiry |

### Slack

| Access Scope    | Details                                                      |
| :-------------- | :----------------------------------------------------------- |
| Connection type | Webhook URLs and/or OAuth-based Slack App                    |
| Access          | Posts test failure notifications to configured channels      |
| Data stored     | Webhook URL, OAuth tokens (encrypted), workspace/channel IDs |

### Monday.com

| Access Scope    | Details                                          |
| :-------------- | :----------------------------------------------- |
| Connection type | Board-level integration                          |
| Access          | Workflow item creation from test events          |
| Data stored     | Access token (encrypted), board ID, workspace ID |

### Razorpay (Billing)

| Access Scope    | Details                                                |
| :-------------- | :----------------------------------------------------- |
| Connection type | Server-to-server webhooks                              |
| Access          | Payment events only (`charged`, `failed`, `cancelled`) |
| Verification    | Webhook signature verification                         |
| Data stored     | Payment ID, subscription ID, amount, currency, status  |

<Note>
  **Note**

  No raw card data is stored. All payment processing is handled by Razorpay.
</Note>

## Billing & Subscription Data

| Data Point             | Purpose                                                                           |
| :--------------------- | :-------------------------------------------------------------------------------- |
| Plan tier              | `free`, `pro`, `team`, `enterprise`                                               |
| Billing cycle          | `monthly`, `annual`                                                               |
| Subscription status    | `active`, `trialing`, `paused`, `cancelled`, `cancelling`, `pending_cancellation` |
| Billing email          | Invoice delivery                                                                  |
| Last payment date      | Payment tracking                                                                  |
| Usage metrics          | Executions used, per-project allocations, borrowed/lent amounts                   |
| Usage alert thresholds | Notifications at 50%, 75%, 90%, 100%                                              |
| Payment records        | Razorpay payment ID, amount, currency, status                                     |
| Invoices               | Invoice number, amount, tax, status, issue/due/paid dates                         |

## What TestDino Does NOT Collect

* Source code or repository contents
* Raw credit card numbers or banking details (handled by Razorpay)
* Personal browsing history outside of TestDino
* Data from services beyond the integrations listed above

## Related

Learn how data is redacted and how long it is retained.

<CardGroup cols={2}>
  <Card title="Data Redaction" icon="eye-slash" href="/data-privacy/data-redaction">
    How secrets are detected and removed from artifacts
  </Card>

  <Card title="Data Retention" icon="clock" href="/data-privacy/data-retention">
    Retention periods by tier and data category
  </Card>
</CardGroup>
