Security & privacy

Built on robust security standards, backed by independent certification and industry-leading infrastructure.

Compliance

We've been independently audited and accredited to industry-leading security and compliance standards.

SOC 2 Type II: TestLodge is SOC 2 Type II certified. Our security controls are independently audited and verified on an ongoing basis.
PCI: No card data is processed or stored by TestLodge. To ensure that your card details never pass through our servers, all payments are handled by Recurly, our PCI DSS-compliant payment partner.

Privacy

Your data belongs to you. Here's how we collect, store, and protect it.

GDPR: TestLodge is fully GDPR compliant. As a cloud-hosted service, we act as the data processor, and you remain the data controller. That means your data is always yours.
How we handle your data: We store your testing data, such as test plans, requirements, test cases, and test runs. We don't use your data for any purpose beyond delivering the service.

Security

We've built multiple layers of protection into every part of the TestLodge platform.

Security testing and encryption

  • Penetration testing was carried out as part of our SOC 2 Type II certification process.
  • SSL encryption is independently verified via Qualys SSL Labs.
  • Google's Cloud Application Security Assessment (CASA) is conducted annually by Google to verify that TestLodge meets Google's security standards for accessing their sensitive APIs, including Google Drive and Google Sheets.
  • TLS encryption protects all data in transit.
  • Advanced Encryption Standard (AES-256) is used to encrypt data at rest, and is applied across our databases and servers via AWS-managed encryption.

Authentication

  • User authentication is powered by Auth0, an Okta company, one of the most trusted identity platforms in the world.
  • Single Sign-On is supported by Google, so your team can sign in using existing Google credentials.
  • Two-factor authentication (2FA) is offered on all accounts to further secure account access.

Cloud provider

  • Amazon Web Services (AWS) powers our main servers and databases, bringing enterprise-grade security, reliability, and compliance certifications to every part of the TestLodge platform.

Subprocessors

We publish a full list of subprocessors that process data on our behalf. All vendors are contractually bound to the same data protection standards we hold ourselves to. If we add or change a subprocessor, we'll notify you by email at least 30 days in advance.

View subprocessors

Reliability

TestLodge is built to be dependable: fast, stable, and supported by real people.

Uptime transparency

Uptime and historical incidents can be tracked at status.testlodge.com.

Reliable support

Customer support is handled by a senior technical member of our team. No chatbots or outsourced support reps.

Extremely responsive

Built for speed: hosted on AWS, which delivers fast, consistent load times, no matter where your team is based.

FAQ

Common questions about security, privacy, and how we handle your data.

Can I see the SOC 2 report?
Yes. We're happy to share our SOC 2 Type II report on request. We'll ask you to sign a short NDA. Request a copy.
Where is our data physically stored?
TestLodge's main servers are physically located in the United States on AWS. For a full breakdown of the subprocessors involved in data storage, see our subprocessor list.
What happens to our data if we cancel?
We follow GDPR standards for data retention. After your account is canceled, your data is kept for a short period before being permanently deleted and eventually rotated out of backups. See our DPA for specific timelines.
Are database backups encrypted?
Yes. Database backups are encrypted and protected using AWS Backup Vault Lock. This prevents backups from being deleted or altered, even by administrators, until the retention period expires.
Can we export our data?
Yes, your data can be exported at any time. Learn more about exporting content.
How granular are user permissions?
TestLodge gives you control over who can create, edit and access content. Learn how to manage user permissions.
How quickly are customers notified in the event of a breach?
We follow GDPR breach notification standards. In the event of a security incident (whether involving TestLodge directly or a subprocessor), we'll notify you within 72 hours of having become aware.
Were there any exceptions in the SOC 2 audit?
No. TestLodge passed its SOC 2 Type II audit without exceptions.
