Testnizer
EN TR
Download

Privacy Policy

Testnizer collects no personal data by default. All your work stays on your local device. This policy explains what little does leave your machine, and why.

Effective date: 2026-05-07  ·  Applies to: all versions of Testnizer

This Privacy Policy explains how Testnizer ("the Software", "we", "our") handles information when you install and use the application. Testnizer is published by Pruvasoft Bilişim Teknolojileri Yazılım Danışmanlık ve Eğitim A.Ş. ("the Publisher"), located in İstanbul, Republic of Türkiye.

Testnizer is a free desktop application for testing APIs. It runs entirely on your local machine. We do not operate any backend service that receives, stores, or processes your data. We do not have user accounts. We do not monetize you in any way.

1. Overview (TL;DR)

  • Testnizer collects no personal data by default.
  • All workspaces, projects, branches, requests, responses, environment variables, certificates, and credentials stay on your local disk.
  • Outbound traffic from the Software is limited to:
    1. The API requests you explicitly send — these go directly from your device to the target you specify and never pass through us.
    2. A periodic version check against the GitHub Releases feed for auto-update.
    3. AI Chat: if you use the AI Chat feature, prompts and responses travel directly between your device and the AI provider you selected. We do not see, proxy, or store this content. See Section 6.
    4. Optional crash telemetry, only if you supply a SENTRY_DSN environment variable (off by default). See Section 5.
  • We have no user accounts, host nothing on your behalf, and do not see your traffic.

2. What Data We Collect

2.1 Data we collect from you: none, by default

Testnizer does not transmit your collections, requests, responses, headers, bodies, environment variables, secrets, certificates, history, AI prompts, or any other content you create or import — to us or to any third party under our control. We have no servers that receive this content. We have no analytics SDK, no tracking beacons, no advertising identifiers, no usage counters phoning home.

2.2 What "we collect" actually means

The only data exchange initiated by the Software where the destination is not an API target you chose is:

  • The auto-update version check (Section 4) — destination: GitHub.
  • Optional crash telemetry (Section 5) — destination: a Sentry instance you configured.

That is the complete list. There is no other path.

3. Local Data Storage

All your work product is stored on your own device. We have no copy and no ability to retrieve it.

Item Location
Database (SQLite)<userData>/testnizer.db
Settings<userData>/config.json
Secrets (passwords, tokens, certificates)OS keychain via Electron safeStorage (macOS Keychain, Windows DPAPI, libsecret on Linux)
Logs (if any)<userData>/logs/
AI provider configs & keysEncrypted in config.json via safeStorage

<userData> resolves to: macOS ~/Library/Application Support/Testnizer · Windows %APPDATA%\Testnizer · Linux ~/.config/Testnizer

You are the sole controller of this data. There is no cloud sync. You may inspect, edit, export, or delete it at any time by manipulating the files directly or by using the in-app Export / Settings menus.

4. Auto-Update

Testnizer uses electron-updater to check the project's public GitHub Releases feed at https://github.com/apinizer/testnizer/releases for newer versions. The check sends a standard HTTPS request consisting of the updater's User-Agent string (application name + currently installed version) and your IP address as visible to GitHub at the network layer.

No data about your workspaces, requests, responses, environments, credentials, or usage is sent. No account or device identifier is generated or transmitted. GitHub's handling of this request is governed by GitHub's own privacy policy.

You can disable the auto-updater in Settings → Updates. Disabling it has no effect on the Software's other functionality.

Lawful basis (GDPR Art. 6(1)(f)): legitimate interest in delivering security and stability fixes to installed binaries. This processing involves only IP and User-Agent metadata, intrinsic to any HTTPS request the user's machine makes to a public host.

5. Optional Telemetry (Sentry)

Testnizer ships without a default telemetry endpoint. There is no analytics, no crash reporting, no usage tracking enabled out of the box.

Crash reporting only activates when you (or your organization, when self-distributing) build or run the application with a SENTRY_DSN environment variable set. When and only when that DSN is present, the following may be sent to the configured Sentry instance: application version, OS version, runtime version; stack traces of unhandled errors; non-PII breadcrumbs (UI navigation events, IPC channel names).

The following are never sent — even when telemetry is enabled: request or response bodies, target URLs, headers, cookies; bearer tokens, credentials, API keys, OAuth tokens, JWTs; TLS client certificates or private keys; environment-variable values; file contents; AI Chat prompts or responses.

The official binaries we publish on Testnizer.com and GitHub Releases ship without a SENTRY_DSN and therefore transmit no telemetry.

Lawful basis (GDPR Art. 6(1)(a)): explicit opt-in by the user or the self-distributing organization that sets the SENTRY_DSN.

6. AI Chat Feature

Testnizer includes an "AI Chat" tab that allows you to converse with a large-language-model provider of your choice from within the application. The application ships with presets for:

  • OpenAI
  • Anthropic
  • Groq
  • Google (Gemini)
  • Azure OpenAI
  • Cohere
  • Mistral
  • Perplexity
  • Together AI
  • OpenRouter
  • Fireworks AI
  • DeepSeek
  • xAI (Grok)
  • Ollama (local — no outbound)

When you use AI Chat, the prompts you submit and the responses returned travel directly from your machine to the AI provider's API endpoint, authenticated with the API key you supplied. Testnizer does not proxy, relay, intercept, log, or store this content at any point — it is a peer-to-peer connection between your device and the provider you selected.

  • We have no access to your prompts or model responses.
  • The AI provider you selected sees your prompts, responses, and IP. Each provider has its own privacy policy, retention policy, and training-data policy. Review the privacy policy of the provider you select before sending sensitive data.
  • Data sent to AI providers may be retained or used to improve their models, entirely outside our control.
  • You can run AI Chat fully offline by selecting the Ollama preset (or any locally-hosted endpoint). No outbound traffic leaves your machine in that case.
  • Your API keys are stored locally, encrypted via the OS keychain (Section 3), and sent only to the provider they belong to.

Lawful basis (GDPR Art. 6(1)(a)): explicit opt-in by the user. With respect to data processed by the AI provider, the AI provider is the data controller; we are neither.

If you do not use the AI Chat feature, no AI-related network traffic is generated by the Software.

7. Third-Party Services

Testnizer interacts with third-party services only as a direct result of actions you take. We have no affiliation with these services and no control over how they handle the data you choose to send them.

Service When contacted What is shared Controller
GitHub Releases Auto-update check Version metadata, IP, User-Agent GitHub, Inc.
Your API targets When you click Send Whatever you put in the request Operator of that endpoint
Sentry (optional) Only if SENTRY_DSN is configured Anonymous error metadata (§5) Operator of that Sentry instance
AI providers (optional) When you use AI Chat Your prompts and context (§6) The selected AI provider

8. Cookies and Tracking

Testnizer is a desktop application, not a website, and uses no tracking cookies, no advertising cookies, no analytics cookies. The Software does not embed any tracking pixels or third-party tags.

When you call HTTP APIs that set cookies, those cookies are stored on your machine via tough-cookie so that subsequent requests within the same session can include them. Those cookies are your data, scoped to the API targets you chose, and stay on your device.

9. Children's Privacy

Testnizer is intended for software developers, QA engineers, and IT professionals. It is not directed at children under the age of 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal data from anyone, regardless of age. If a parent or guardian believes a child has used the Software in a way that warrants attention, please contact us at the address in Section 15.

10. GDPR and International Users

Because Testnizer does not transmit your personal data to us by default, no cross-border transfer is initiated by the Software, and we act neither as a data controller nor as a data processor with respect to the content you create. The processing in Sections 4 and 5 is limited to network metadata or opt-in technical crash data.

Principles honored by design:

  • Data minimization (Art. 5(1)(c)): the application asks for nothing it does not strictly need to operate. There is no email collection, no account, no profile.
  • Purpose limitation (Art. 5(1)(b)): the only outbound traffic we initiate (the GitHub update check) has the single purpose of delivering newer versions.
  • Storage limitation (Art. 5(1)(e)): all your work product is stored locally; deletion is fully under your control.
  • Lawful basis (Art. 6):
    • Auto-update — Art. 6(1)(f) legitimate interest (security & stability).
    • Telemetry — Art. 6(1)(a) explicit opt-in.
    • AI Chat — Art. 6(1)(a) explicit opt-in (the AI provider, not us, is the controller).

You retain full control over your data on your device — exercising the rights of access, rectification, erasure, restriction, portability, and objection by editing or deleting the local database directly, or by using the in-app export and clear-data features.

11. Security

The Software employs the following defensive practices:

  • Local secret encryption. Passwords, API keys, OAuth tokens, and client certificates are encrypted at rest via Electron safeStorage, which delegates to the OS keychain. Plain-text secrets are never written to disk.
  • Renderer hardening. The Renderer process runs with contextIsolation: true, nodeIntegration: false, and a strict CSP of connect-src 'self', which means the UI cannot make outbound network calls.
  • Process separation. The UI cannot directly access the filesystem, child processes, or network. All such operations are mediated by typed IPC channels with input validation in the Main process.
  • No telemetry by default. Crash data does not leave your machine unless you opt in (Section 5).

No software is perfectly secure. You remain responsible for the physical and logical security of the device on which Testnizer runs, including keeping your operating system and the Software updated, using full-disk encryption, and protecting against unauthorized physical access.

12. International Transfers

The Software does not initiate cross-border transfers of your work product. Outbound network traffic initiated by the Software is limited to:

  • Auto-update requests to GitHub, served by GitHub's global edge network. GitHub's data-handling and Standard Contractual Clauses are documented in its own privacy policy.
  • Optional Sentry crash reports, transmitted to whichever Sentry endpoint you configured.
  • AI Chat requests, transmitted directly from your device to the AI provider you selected. The location of that provider's infrastructure is determined by your provider choice; review their privacy policy for details.

We do not send your data to any third country ourselves.

13. Your Rights

Because we hold no data about you, exercising your data-protection rights generally means acting on your local device:

  • Right of access. Inspect the local database, configuration files, and exported collections directly. The Software's Export feature produces a portable JSON snapshot of any workspace.
  • Right to rectification. Edit any record from within the Software.
  • Right to erasure. Delete the user-data directory listed in Section 3, or use the in-app "Clear data" option in Settings, or uninstall the Software (the user-data directory may persist after uninstall on some platforms — delete it manually to complete erasure).
  • Right to portability. Use the Export functions (OpenAPI, Postman, HAR) to obtain your data in standard interoperable formats.
  • Right to object / restrict processing. Disable auto-update in Settings; do not configure SENTRY_DSN; do not use AI Chat.

If a third-party provider (an AI provider, a Sentry instance, or an API target) holds personal data about you because of how you used Testnizer, please direct your data-protection request to that provider directly — we cannot act on their behalf.

14. Changes to this Policy

We may update this Privacy Policy from time to time. Material changes are reflected by updating the Last updated date at the top of this document and incrementing its hash. When the document hash changes, the in-application consent gate prompts you to review and accept the updated text on the next launch of the Software. If you decline the updated text, the Software will exit and you must uninstall it to terminate the relationship.

We will not retroactively reduce protections in this Policy without first giving you the opportunity to refuse the change.

15. Contact

For questions, requests, or complaints about this Privacy Policy or about how Testnizer handles data:

  • Privacy & legal: info@apinizer.com
  • Website: www.testnizer.com
  • Postal: Pruvasoft Bilişim Teknolojileri Yazılım Danışmanlık ve Eğitim A.Ş., Üniversiteler Mah. 1606 Cad. Cyberpark A-Blok No:4 A/305, 06800 Bilkent/Ankara, Türkiye
  • Phone / Fax: 0312 265 02 36 / 0312 265 02 38

Also see: End User License Agreement

Copyright © 2026 Pruvasoft Bilişim Teknolojileri Yazılım Danışmanlık ve Eğitim A.Ş.