A short, plain-English summary you can give to anyone who asks.
TestBro is a desktop tool that runs on the tester's laptop. When it uses AI to analyse a page or write a test, the page screenshot and text go directly from the tester's machine to Anthropic (the AI provider), using the tester's own paid Anthropic account. The vendor of TestBro — Ekkora — never sees your data.
When the tester runs TestBro against your application, every AI request travels: tester's laptop → Anthropic API → tester's laptop. The tester's own API key signs each request, and the response stays on their machine. There is no Ekkora server in that path, by design — there is no place for your data to be stored or read by us.
For the tester ↔ Ekkora relationship (signup, license, telemetry), Ekkora is the data controller; our full privacy statement is at testbro.ekkora.nl/privacy.html. For the tester ↔ Anthropic relationship (the AI calls), Anthropic acts under their own data processing terms with the tester. Because your data does not enter Ekkora's systems, Ekkora is not a processor of your data; the tester remains the responsible party under your engagement with them.
If anything here is unclear, or if your security/privacy team needs more detail, email amir@ekkora.nl. The longer technical version of this page lives at testbro.ekkora.nl/trust.html; our security policy is at github.com/TechVEkko/TestBro/blob/main/SECURITY.md.