Data Collection & Cookie Policy
Effective Date: April 9, 2026
Last Updated: April 9, 2026
This Data Collection & Cookie Policy ("Policy") explains in detail what data BurnTest.io ("BurnTest," "we," "us," or "our") collects, the technologies we use to collect it, and how you can manage your preferences. This Policy supplements our Privacy Policy and should be read in conjunction with it.
1. What Are Cookies?
Cookies are small text files that are stored on your device (computer, tablet, or mobile phone) when you visit a website. They are widely used to make websites work more efficiently, provide a better user experience, and give website operators information about how their site is being used. Cookies can be "session" cookies (which expire when you close your browser) or "persistent" cookies (which remain on your device for a set period or until you delete them).
2. Cookies and Technologies We Use
The following table describes the specific cookies and client-side storage technologies used by BurnTest.io:
| Technology | Name / Key | Purpose | Type | Duration |
|---|---|---|---|---|
| Cookie | session_token | Authentication session — keeps you logged in securely after OAuth login | Essential | Session / 30 days |
| localStorage | theme | Stores your dark/light theme preference | Functional | Persistent |
| localStorage | feedback_dismissed_at | Remembers when you dismissed the feedback widget so it stays hidden for 7 days | Functional | 7 days |
| localStorage | onboarding_* | Tracks whether you've completed the onboarding walkthrough so it doesn't show again | Functional | Persistent |
| Cookie | Stripe cookies | Set by Stripe during payment processing for fraud prevention and security | Essential | Varies |
| Script | Analytics script | Privacy-focused analytics to understand page views, sessions, and feature usage (no personal data collected) | Analytics | Session |
3. Categories of Data We Collect
The following table provides a comprehensive overview of all categories of personal information we collect, organized by the California Consumer Privacy Act (CCPA) categories:
| Category | Examples | Collected? | Sold? |
|---|---|---|---|
| Identifiers | Name, email address, account ID, IP address | Yes | No |
| Financial Information | Stripe customer ID, transaction IDs (full card data handled exclusively by Stripe) | Partial | No |
| Internet Activity | Browsing history on our site, search queries, page interactions | Yes | No |
| Geolocation | Country/region (voluntarily provided), approximate location from IP | Yes | No |
| Audio/Visual | Screen recordings with audio submitted by Burners | Yes | No |
| Professional Info | Expertise, skills, bio (voluntarily provided) | Yes | No |
| Demographic Data | Age group, income range (voluntarily provided for matching) | Yes | No |
| Inferences | AI-generated sentiment scores, feedback themes, UX insights from review content | Yes | No |
| Sensitive Personal Info | Precise geolocation, SSN, health data, biometrics | No | No |
4. How to Manage Cookies
You have several options for managing cookies and similar technologies:
Browser Settings
Most web browsers allow you to control cookies through their settings. You can typically find these in the "Options," "Preferences," or "Settings" menu of your browser. You can set your browser to block all cookies, accept all cookies, or notify you when a cookie is set. Please note that blocking essential cookies may prevent you from using key features of the Service, including logging in.
localStorage
You can clear localStorage data through your browser's developer tools or settings. In most browsers, navigate to Settings > Privacy > Clear Browsing Data and select "Cookies and other site data" or use the Application tab in developer tools to clear specific localStorage entries.
Do Not Track
Some browsers offer a "Do Not Track" (DNT) signal. Our analytics tools are privacy-focused and do not track individual users across websites. We respect DNT signals where technically feasible, though there is currently no universally accepted standard for how websites should respond to DNT signals.
5. AI and Automated Processing
BurnTest uses artificial intelligence and automated processing in the following ways:
- Transcription: Audio from Burner recordings is automatically transcribed to text using speech-to-text AI services
- Sentiment Analysis: Review transcripts are analyzed by AI to generate sentiment scores, identify common themes, and produce aggregated insights for Clients
- Content Moderation: We may use automated tools to detect and flag potentially inappropriate or fraudulent content
These automated processes do not make decisions that produce legal effects or similarly significant effects on users. AI-generated insights are provided as supplementary information and do not replace human judgment. Clients are advised to use AI insights as one data point among many when making business decisions.
6. Data Transfers
BurnTest.io is operated from the United States. If you are accessing the Service from outside the United States, your data will be transferred to and processed in the United States. The United States may not provide the same level of data protection as your home country. By using the Service, you explicitly consent to the transfer of your data to the United States.
For users in the European Economic Area (EEA), we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or other lawful transfer mechanisms, to ensure adequate protection for personal data transferred outside the EEA.
7. Data Breach Notification
In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users without undue delay and no later than seventy-two (72) hours after becoming aware of the breach, where feasible. Notification will be provided via email to the address associated with your account and/or through a prominent notice on the Service. The notification will include the nature of the breach, the categories of data affected, the likely consequences, and the measures taken or proposed to address the breach.
8. Contact Us
If you have questions about this Data Collection & Cookie Policy or wish to exercise any of your data rights, please contact us:
This Data Collection & Cookie Policy is provided for transparency and compliance purposes. It should be read in conjunction with our Terms of Service and Privacy Policy. For specific legal questions, we recommend consulting with a qualified attorney.