Testmo logo
SECURITY
CENTER
Security & Cloud
Infrastructure
Learn about our cloud infrastructure and benefits.
Compliance, Trust &
Providers
Testmo only works with the best providers to ensure compliance.
Data Processing &
Privacy Policy
How we use, store and process personal data & GDPR.

Designed for high availability,
resilience, security & scalability

Redundant cloud

Our cloud infrastructure is designed to be redundant and highly resilient to outages to achieve high uptimes.

Tenant isolation

Unique to Testmo, every customer has its own isolated database, resulting in better performance and security.

24/7 active monitoring

All of our critical cloud infrastructure is actively monitored by our own in-house team around the clock.

Strong data encryption

Strong HTTPS/TLS network encryption. And encryption of data at rest guaranteed by cloud providers.

World-class infrastructure

Testmo uses data centers and systems by leading cloud providers such as Amazon AWS and Microsoft Azure.

Scalable, fast & efficient

Automatic scaling of resources, highly optimized database access & fast technology stack.

Using world-class providers
with proven compliance

For our Testmo cloud infrastructure we only work with trusted providers to ensure their compliance with standard security programs.

Testmo uses Amazon AWS cloud services. Learn more about Amazon's compliance, such as:

Testmo uses Microsoft Azure cloud services. Learn more about Azure's compliance, such as:

Important product security features to
keep your data & users secure

Testmo comes with many features that help you manage user access, protect your account data and integrate with identity providers.
Fine-grained permissions
  • Assign permissions & roles
  • Permissions to manage reads, writes & deletes for entities
  • Overwrite & combine permissions
Customizable user groups
  • User groups to manage teams, divisions or customers
  • Additional project & site admins for flexible administration
Custom policies & rules
  • Custom password policies to comply with your standards
  • Flexible rules to assign login methods to user types and groups
Project isolation
  • Project-level permissions & access
  • Manage third-party integrations globally or per project
  • Archived & read-only projects
Secure integrations
  • Secure integrations with tools such as Jira, GitHub, GitLab & more
  • Rich authentication via OAuth or Atlassian Connect
  • Official integration listings
Audit logging
  • Integrated auditing to log access, changes & modifications
  • Rich audit log filtering options
  • Testmo Enterprise-only feature
Two-factor authentication
  • Industry standard 2FA support
  • TOTP & Google Auth app support
  • Optionally enforce 2FA
  • Testmo Enterprise-only feature
Identity provider integration
  • Configurable IdP integration
  • Azure, Google, Okta, OneLogin & more
  • Auto-provisioning support
  • Testmo Enterprise-only feature
Custom SAML support
  • Custom SAML integration with additional Identity providers
  • Custom login method assignments for users
  • Testmo Enterprise-only feature

Frequently asked security questions

Yes, Testmo operates a security incident response program following industry best practices. We work closely with security researches and developers to identity and resolve security vulnerabilities.

You can report any findings, notify us about security concerns and disclose issues. To get in touch with our security team and to learn more, please see our incident response program.

Testmo's main application cloud services are hosted with Amazon AWS in the US east region across multiple availability zones.

Additionally, as part of our business continuity plans, we use Microsoft Azure for some cloud services.

Our goal is to provide a high average uptime for all our services. We have designed our infrastructure to be resilient to outages of individual systems and monitor all systems 24/7. We publish our current and past system uptimes and service status.

Testmo uses strong encryption with industry standard encryption algorithms and protocols. For example, we protect data moving through public networks with protocols such as HTTPS/TLS. We also use strong AES encryption for backup files. Amazon AWS features to encrypt data stored at rest are enabled.

We do not run our own data centers or servers and Testmo itself does not hold certifications as of now. We follow security and data protection industry best practices to develop our software products.

We use data centers from Amazon AWS and Microsoft Azure, which maintain various certifications including SOC, ISO, PCI DSS and FedRamp compliance.

Testmo is used to manage software testing activities. Customers store test cases, test data and test results in Testmo. We ask customers not to upload, store and submit production data, personally identifiable information (PII) or other non-testing data to Testmo. You can also learn more in our Terms of Service and Privacy Policy.

We ask you to contact us before running any vulnerability scans or penetration tests. Running such tests against your account or production Testmo instance can lead to automatic rate limiting, account suspension or other counter measures by us or our cloud providers.

We can also provide vulnerability scan results by independent third parties on request, so you do not necessarily need to run your own tests.

Yes, as part of Testmo's Enterprise edition, users can enable two-factor authentication. Additionally, administrators can enforce two-factor authentication for all users. Testmo uses the standard TOTP protocol and supports common authentication apps such as Google Authenticator.

Testmo's Enterprise edition also supports SAML authentication with identity providers (IdP) such as Google Workspace, Azure Active Directory, Okta, OneLogin and other custom services. You can learn more in our documentation.

You can learn more about what data we collect and how we use and process data in our Privacy Policy.

Testmo is used to manage software testing activities. Therefore only test data should be stored and submitted to Testmo. Production data or personally identifiable information (PII) should not be stored in Testmo, which makes it easier for you to be GDPR compliant.

Additionally, Testmo implements important product features such as removing user names/emails (Forget User feature) to help you stay compliant.

Testmo's DPA along with jurisdiction-specific terms and data processing terms are posted on our legal page here: https://www.testmo.com/legal.

Customers can generate data exports from active Testmo accounts. Exports can be generated from Testmo under Admin → Exports. You can learn more about data exports and the data format in our documentation.

We can provide vulnerability scan results by independent third parties on request, so you do not necessarily need to run your own tests. Please just contact us to request these details.

Similar to other major modern services, Testmo is a cloud web application. This way we can better optimize the performance, security, scalability and user experience. We do not offer an on-premise server edition at this time.

It would be cost-prohibitive to complete lengthy custom security questionnaires, vendor assessment forms or cloud security surveys for each individual account. Instead, we can provide an industry-standard CAIQ-Lite questionnaire with common security questions on request. Simply contact us to receive the document.

Get news about Testmo & software testing

Also receive our free original testing & QA content directly in your inbox whenever we publish new guides and articles.
We will email you occasionally when news about Testmo and testing content is published. You can unsubscribe at any time with a single click. Learn more in our privacy policy.