Privacy Policy

Last updated: January 14, 2026

1. Introduction

Fusillade ("we", "us", or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our load testing platform and services.

By using Fusillade, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use our services.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address, password (hashed), organization name
  • Profile Information: Display name, company name (optional)
  • Payment Information: Billing address, payment method details (processed by Stripe)
  • Test Scripts: JavaScript code you upload for load testing
  • Support Communications: Messages you send to our support team

2.2 Information Collected Automatically

  • Usage Data: Test runs, API calls, feature usage, timestamps
  • Test Results: Performance metrics, response data, error logs from your tests
  • Device Information: Browser type, operating system, device type
  • Log Data: IP addresses, access times, pages viewed, referral URLs
  • Cookies: Session cookies for authentication and preferences

2.3 Information from Third Parties

  • OAuth Providers: If you sign in via GitHub or Google, we receive your email and profile information
  • Payment Processor: Transaction status and billing information from Stripe

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service
  • Process your transactions and manage your subscription
  • Send service-related communications (account verification, security alerts, updates)
  • Respond to your support requests and inquiries
  • Monitor and analyze usage patterns to improve user experience
  • Detect, prevent, and address technical issues and abuse
  • Enforce our Terms of Service and Acceptable Use Policy
  • Comply with legal obligations

We do NOT:

  • Sell your personal data to third parties
  • Use your data for advertising purposes
  • Share your test scripts or results with other users
  • Access or analyze the content of your test responses (beyond aggregate metrics)

4. Data Storage and Security

4.1 Where We Store Your Data

Your data is stored on servers located in the European Union (Finland). We use industry-standard cloud infrastructure providers with SOC 2 compliance.

4.2 Security Measures

  • All data transmitted to and from our servers is encrypted using TLS 1.3
  • Passwords are hashed using Argon2, a modern password hashing algorithm
  • API keys are generated using cryptographically secure random numbers
  • Database access is restricted and monitored
  • Regular security audits and vulnerability assessments

4.3 Data Retention

We retain your data according to your subscription tier:

  • Developer (Free): Test results retained for 3 days
  • Team: Test results retained for 3 months
  • Enterprise: Custom retention period

Account information is retained until you delete your account. Some data may be retained longer for legal compliance or legitimate business purposes.

5. Data Sharing

We may share your information with:

  • Service Providers: Third parties who help us operate the Service (e.g., Stripe for payments, cloud infrastructure providers). These providers are contractually obligated to protect your data.
  • Team Members: If you're part of an organization, other members may see shared test results and usage according to their role permissions.
  • Legal Requirements: When required by law, court order, or government request, or to protect our rights and safety.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred to the new owner.

6. Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your data ("right to be forgotten")
  • Portability: Request your data in a machine-readable format
  • Objection: Object to certain processing of your data
  • Restriction: Request restriction of processing
  • Withdraw Consent: Withdraw consent where processing is based on consent

To exercise these rights, contact us at fusi@fusillade.io. We will respond within 30 days.

7. Cookies and Tracking

We use cookies and similar technologies for:

  • Essential Cookies: Required for authentication and security
  • Preference Cookies: Remember your settings (e.g., dark mode)
  • Analytics: Understand how users interact with the Service

You can control cookies through your browser settings. Disabling essential cookies may prevent you from using certain features of the Service.

8. International Data Transfers

Your data is primarily stored in the European Union. If we transfer data outside the EU/EEA, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Transfers to countries with adequacy decisions
  • Binding Corporate Rules where applicable

9. Children's Privacy

The Service is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. For significant changes, we may also send an email notification.

Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.

11. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Email: fusi@fusillade.io

12. GDPR Compliance (EU Users)

For users in the European Economic Area, we process your data under the following legal bases:

  • Contract: Processing necessary to provide the Service you requested
  • Legitimate Interest: Processing for security, fraud prevention, and service improvement
  • Legal Obligation: Processing required by law
  • Consent: Where you have given explicit consent

You have the right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights.