Security First

Your code and data stay secure.

We use industry-standard security practices to protect your screenshots, test results, and source code.

Security Measures

How we protect your data.

Enterprise-grade security built into every layer of our platform.

Encryption
Data in Transit & At Rest
All data is encrypted using TLS 1.3 in transit and AES-256 at rest. Screenshots and test results are stored encrypted in Google Cloud Storage.
256-bit AES encryption
Access Control
Role-Based Permissions
Fine-grained access controls ensure team members only see the projects they're authorized to access. SSO integration is planned for a future release.
Role-based access control
Data Privacy
Your Code Stays Private
We never store your source code. We capture screenshots and the visible HTML structure of the page under test. We recommend using staging environments and test data to avoid capturing production PII. No cookies, tokens, headers, or network traffic is collected.
Zero source code storage
Compliance
Industry Standards
We are preparing for SOC 2 Type II readiness. Our current security practices include AES-256 encryption at rest, TLS 1.3 in transit, role-based access control, and automated data retention enforcement. Contact us at hello@testiv.ai for our detailed security practices document.
Compliance on roadmap

Infrastructure Security

Built on trusted cloud infrastructure.

We leverage Google Cloud's security features to keep your data safe.

Cloud Infrastructure: All services run on enterprise-grade cloud infrastructure with network isolation and private networking.

Container Security: All services run with minimal privileges and are regularly scanned for vulnerabilities.

API Security: Rate limiting, request validation, and token-based authentication protect all API endpoints.

Backup & Recovery: Automated daily backups with point-in-time recovery.

Monitoring: Continuous security monitoring with automated threat detection and incident response.

security-overview.md
# Security Architecture

## Data Flow
1. Client → TLS 1.3 → Load Balancer
2. Security Layer → API Gateway
3. Auth Service → Rate Limiting
4. Application → Network Isolated
5. Storage → Encrypted at Rest

## Key Controls
- Optional two-factor authentication (2FA)
- Token-based session authentication
- Activity logging
- API key rotation available
- Role-based access control

Compliance Roadmap

Compliance certifications planned for the future.

We're committed to achieving industry-standard compliance certifications as we grow.

We are planning to pursue SOC 2 Type II, GDPR, and CCPA compliance certifications. These are on our roadmap as we continue to enhance our security and privacy practices.

Data Handling Policy

What data we collect and how we use it.

Transparency about data processing and retention.

| Data Type | Collected | Retention | Purpose |
|---|---|---|---|
| Screenshots | Yes | 7 days (candidates), kept until deleted (baselines) | Visual comparison |
| Page Structure | Yes | 7 days (candidates), kept until deleted (baselines) | Structural comparison |
| CSS Styles | Yes | 7 days (candidates), kept until deleted (baselines) | Style analysis |
| Performance Metrics | Yes | 7 days | Regression detection |
| Source Code | Never | N/A | Not stored or accessed |
| User Data | Yes | Until deletion | Account management |
| API Keys | Yes | Rotatable | Authentication |

Baselines are the approved reference screenshots for your tests. They are kept until you explicitly delete them or delete all project data.

Candidates are screenshots from each test run that are compared against baselines. They are automatically deleted after 7 days to save storage.

You can export all your project data as a ZIP file at any time, or permanently delete all data (including baselines) from your project settings.

Responsible Disclosure

Help us improve our security.

If you discover a vulnerability, please report it responsibly.

Security Report
What to include in your report:

• Detailed description of the vulnerability
• Steps to reproduce the issue
• Potential impact assessment
• Any proof-of-concept code (if applicable)

Our commitment:

• Response within 24 hours
• Detailed resolution timeline
• Public acknowledgment (if desired)
• Bug bounty program coming soon

Security Questions?

Our security team is here to help.

For security concerns or questions, contact our security team directly.