Data Privacy and Controls

Reflect Data Storage

The following assets are securely stored in Reflect’s cloud infrastructure:

Test Case metadata

  • Test step descriptions

  • Selectors (for record-and-play steps)

  • API credentials (for API steps)

  • JavaScript source code (for code-based steps)

  • Prompt text (for AI prompt steps)

  • Input values

  • Acceptance criteria

Test Execution metadata

  • Video of test run

  • Network/Console logs

  • Execution logs, including error logging

  • Screenshots (for visual testing feature)

  • API request/responses (for API testing feature)

Reflect Data Retention

Test Case assets are retained in perpetuity until the Test Case is deleted by an authorized user within the Reflect account, or the account is deleted.

Test execution assets observe a data retention policy that can be customized at the Reflect account level. The default retention policy is 30 days.

Reflect / OpenAI integration

The following information is included in API calls sent from Reflect to OpenAI:

  • A text-based description of the current state of the application under test, including the state of individual elements within the application.

  • The original prompt text that was entered by the end user within the Zephyr Scale/Reflect UI.

  • A screenshot of the current state of the application under test.

OpenAI Data Privacy Controls - Key Points

  • OpenAI does not use data submitted to and generated by our API to train OpenAI models or improve OpenAI’s service offering.

  • You own your inputs and outputs (where allowed by law)

  • OpenAI may securely retain API inputs and outputs for up to 30 days to identify abuse.

Sources:

Publication date: