legal
Privacy Policy
BrowserBash is built local-first. The open-source CLI sends nothing to us by default — your objectives, pages, and credentials stay on your machine. This policy explains the limited data the website and optional cloud dashboard collect, and the choices you have.
Last updated: 14 June 2026
Who we are
BrowserBash is a free, open-source project by The Testing Academy(“we”, “us”). It has two parts: a command-line tool (the CLI) you install and run on your own computer, and this website at browserbash.com including an optional account-based dashboard. For privacy questions, contact thetestingacademy@gmail.com. The Testing Academy is the data controller for personal data processed through the website and dashboard.
The CLI is local-first
When you run the BrowserBash CLI, it operates entirely on your machine. Your objectives, the web pages it visits, screenshots, recordings, variables, and any credentials are processed locally and are not transmitted to us.
- Model calls. To turn your plain-English objective into browser actions, the CLI sends prompts to the AI model you choose — a local model via Ollama (nothing leaves your machine), or a provider you configure (OpenRouter, Anthropic, etc.). Those calls go directly from your machine to that provider under their privacy policy. We are not in the path and never see them.
- Secrets stay masked. Values you pass as secrets are masked in logs and output by design. We recommend never hard-coding credentials in test files — use environment variables or secret variables.
- You opt in to send anything. Data only reaches our servers if you create an account and explicitly link the CLI (
browserbash connect) or upload a run (--upload). Nothing is uploaded silently.
What we collect
We only collect what the website and optional dashboard need to work:
| Category | Examples | When |
|---|---|---|
| Account data | Email, name, and authentication identifiers | When you sign up (via Clerk) |
| Run data | Run metadata, status, logs, and any video/screenshot recordings you upload | Only when you link the CLI or use --upload |
| Billing data | Subscription status and customer ID (card data is handled by Stripe, never us) | If you buy optional data retention |
| Usage analytics | Page views, clicks, and events like sign-up and install-copy, with approximate location and device/browser type | While browsing the website |
| Technical logs | IP address, request metadata, error logs from our hosting provider | Automatically, to keep the service running and secure |
How we use it
- Provide and operate your account and dashboard (run history, recordings, replay).
- Process the optional data-retention subscription, if you choose to buy it.
- Understand which pages and features are useful, and improve the product and docs.
- Keep the service secure, prevent abuse, and meet legal obligations.
- Respond to your support requests.
We do not use your run data or recordings to train AI models.
Legal basis (GDPR)
Where the GDPR applies, we rely on: contract (to run your account and dashboard); legitimate interests (to secure the service and understand aggregate usage); consent (for non-essential analytics cookies, which you can decline); and legal obligation (for records we must keep, e.g. tax for purchases).
Third-party processors
We use a small set of trusted providers to run the website and dashboard:
| Provider | Purpose |
|---|---|
| Vercel | Website & app hosting, edge delivery, request logs |
| Clerk | Account sign-up, login, and session management |
| Neon | Managed Postgres database for account & run metadata |
| Vercel Blob | Storage for run recordings/screenshots you upload |
| Stripe | Payment processing for optional data retention (PCI-compliant) |
| Google Analytics | Aggregate website usage analytics |
Each processor handles your data under its own terms and only as needed to provide its service to us. The AI model providers you configure in the CLI are not our processors — you choose and contract with them directly.
Cookies & analytics
The website uses a small number of cookies: essential cookies for login/session (Clerk) and a hero A/B preference, plus Google Analytics cookies to measure aggregate usage. You can decline non-essential cookies and still use the site. See our Cookie Policy for the full list and how to opt out.
Data retention
- Account data — kept while your account is active; deleted on request or after closure.
- Free run data — uploaded runs are retained for 15 days by default, then automatically deleted.
- Paid retention — if you subscribe, runs are kept for the period described at checkout until you cancel.
- Analytics — retained in aggregate per Google Analytics’ default retention window.
- Billing records — kept as long as required by law.
Sharing & selling
We do not sell your personal data, and we do not share it with advertisers. We share data only with the processors listed above, or where required by law. Because BrowserBash is open-source, anyone can audit exactly what the CLI does.
Your rights
Depending on where you live (e.g. EEA/UK under GDPR, California under CCPA/CPRA), you may have the right to access, correct, delete, export, or restrict use of your personal data, to object to certain processing, and to withdraw consent. To exercise any of these, email thetestingacademy@gmail.comand we’ll respond within the time the law requires. You also have the right to complain to your local data-protection authority.
Security
We use encryption in transit (HTTPS), managed and access-controlled infrastructure, and secret masking in the CLI. No system is perfectly secure, but we work to protect your data and to disclose any material incident responsibly. See our Security page for details and how to report a vulnerability.
Children
BrowserBash is a developer tool not directed at children. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us data, contact us and we will delete it.
Changes to this policy
We may update this policy as the product evolves. We’ll revise the “last updated” date above and, for material changes, give notice on the website or by email where appropriate.
Contact
Questions or requests? Email thetestingacademy@gmail.com. See also our Terms of Service, Cookie Policy, and Security page.