Security at TestPlan

Your test data matters. Here's how we protect it.

Infrastructure

Microsoft Azure

TestPlan runs on Microsoft Azure, benefiting from enterprise-grade physical security, SOC 2 Type II certification, and ISO 27001 compliance.

UK Data Residency

All customer data is stored in Azure UK regions (UK South and UK West) by default. Enterprise customers can request specific regions.

Redundancy

Data is replicated across multiple availability zones. Automated backups run daily with 30-day retention.

Data Protection

Encryption in Transit

All connections use TLS 1.2+ encryption. We enforce HTTPS and use HSTS headers to prevent downgrade attacks.

Encryption at Rest

All data is encrypted at rest using AES-256 encryption. Encryption keys are managed through Azure Key Vault.

Password Security

Passwords are hashed using bcrypt with per-user salts. We never store plaintext passwords.

Access Control

Role-Based Access

Team members can be assigned Admin or Member roles. Admins control team settings, billing, and integrations.

SSO/SAML

Enterprise plans support Single Sign-On via SAML 2.0, allowing integration with your identity provider.

Audit Logging

All actions are logged with timestamps and user attribution. Activity logs are available in-app for compliance needs.

Application Security

Secure Development

We follow OWASP guidelines and conduct regular code reviews. Dependencies are monitored for vulnerabilities.

Vulnerability Management

We run regular security assessments and dependency scanning. Critical vulnerabilities are patched within 24 hours.

API Security

API access requires authentication via API keys. Rate limiting and request validation protect against abuse.

Compliance

GDPR

UK GDPR compliant. Data Processing Agreements available.

Data Export

Export all your data anytime in standard formats.

Data Deletion

Request complete data deletion at any time.

Incident Response

In the event of a security incident, we follow a documented response procedure:

  • Immediate containment and investigation
  • Notification to affected customers within 72 hours
  • Post-incident analysis and preventive measures
  • Transparent communication about root cause and remediation

Security Contact

Found a vulnerability? Have security questions? Contact our security team:

security@test-plan.io

For sensitive reports, we can provide a PGP key on request.