Security First

Your code and data stay secure.

We use industry-standard security practices to protect your screenshots, test results, and source code.

Security Measures

How we protect your data.

Enterprise-grade security built into every layer of our platform.

Encryption
Data in Transit & At Rest
All data is encrypted using TLS 1.3 in transit and AES-256 at rest. Screenshots and test results are stored encrypted in Google Cloud Storage.
256-bit AES encryption

Access Control
Role-Based Permissions
Fine-grained access controls ensure team members only see the projects they're authorized to access. SSO integration available.
SAML/OAuth support

Data Privacy
Your Code Stays Private
We never store your source code. Only screenshots and metadata are analyzed. AI processing uses isolated instances.
Zero source code storage

Compliance
Industry Standards
SOC 2 Type II certified. GDPR and CCPA compliant. Regular third-party security audits and penetration testing.
SOC 2 Type II certified

Infrastructure Security

Built on trusted cloud infrastructure.

We leverage Google Cloud's security features to keep your data safe.

Google Cloud Platform: All services run on GCP with VPC isolation, firewall rules, and private networking.

Container Security: All containers run with minimal privileges, non-root users, and are scanned for vulnerabilities.

API Security: Rate limiting, request validation, and JWT-based authentication protect all API endpoints.

Backup & Recovery: Automated daily backups with point-in-time recovery. 99.9% uptime SLA.

Monitoring: 24/7 security monitoring with automated threat detection and incident response.

security-overview.md
# Security Architecture

## Data Flow
1. Client → TLS 1.3 → Load Balancer
2. WAF Protection → API Gateway
3. Auth Service → Rate Limiting
4. Application → VPC Isolated
5. Storage → Encrypted at Rest

## Key Controls
- MFA required for all users
- Session timeout: 30 minutes
- Audit logging enabled
- IP allowlisting available
- Regular key rotation

Compliance & Certifications

Meeting the highest standards.

Our commitment to security and privacy is demonstrated through independent certifications.

🔒 SOC 2 Type II
Audited annually for security, availability, and confidentiality controls.

🛡️ GDPR Compliant
Full compliance with EU data protection regulations. Data processing agreements available.

⚖️ CCPA Ready
California Consumer Privacy Act compliance with data deletion and portability rights.

Data Handling Policy

What data we collect and how we use it.

Transparency about data processing and retention.

| Data Type | Collected | Retention | Purpose |
|---|---|---|---|
| Screenshots | Yes | 30 days | Visual comparison only |
| DOM Structure | Yes | 24 hours | Fingerprint comparison |
| Source Code | Never | N/A | Not stored or accessed |
| User Data | Yes | Until deletion | Account management |
| API Keys | Yes | Rotatable | Authentication |

Data is automatically deleted according to retention policies. Enterprise customers can customize retention periods.

Responsible Disclosure

Help us improve our security.

If you discover a vulnerability, please report it responsibly.

security@testiv.ai

What to include in your report:

• Detailed description of the vulnerability
• Steps to reproduce the issue
• Potential impact assessment
• Any proof-of-concept code (if applicable)

Our commitment:

• Response within 24 hours
• Detailed resolution timeline
• Public acknowledgment (if desired)
• Bug bounty program coming soon

Security Questions?

Our security team is here to help.

For security concerns or questions, contact our security team directly.
