TestDino is SOC 2 Type 2 and ISO 27001 certified, GDPR compliant, and hosted on Microsoft Azure with encryption in transit and at rest. This page states the certifications, controls, and data-handling practices that back the platform.Documentation Index
Fetch the complete documentation index at: https://docs.testdino.com/llms.txt
Use this file to discover all available pages before exploring further.
Quick Reference
| Topic | Summary |
|---|---|
| Certifications | SOC 2 Type 2, ISO 27001, GDPR |
| Encryption | AES-256 at rest, TLS 1.2+ in transit |
| Hosting and infrastructure | Microsoft Azure, private networks, separate backups |
| Access control | Role-based, least-privilege, logged support access |
| AI data handling | Azure OpenAI, no model training on customer content |
| Report a vulnerability | Acknowledged within two business days |
Certifications
TestDino maintains independent third-party certifications covering security, availability, and confidentiality.| Standard | Scope | Covers |
|---|---|---|
| SOC 2 Type 2 | Security, Availability, Confidentiality | Operating effectiveness of controls over time |
| ISO 27001 | Information security management | Risk-based ISMS with annual surveillance audits |
| GDPR | Data protection | Data Processing Agreement and Standard Contractual Clauses for international transfers |
Encryption
Customer data is encrypted both in transit and at rest.| State | Method |
|---|---|
| In transit | HTTPS with TLS 1.2 or higher |
| At rest | AES-256 via Azure platform encryption |
| Key management | Azure-managed keys with automatic rotation |
Hosting and infrastructure
TestDino runs on Microsoft Azure, a SOC 2-audited subservice provider with redundant power, networking, and storage.- Production databases run in private virtual networks and are not exposed to the public internet.
- Automated backups are stored separately from production.
- Incident response procedures are documented and followed for security events.
Access control
Production access follows role-based, least-privilege defaults.- TestDino staff do not browse customer test data or traces in normal operation.
- Support access to a customer account requires the customer’s permission and is logged.
- A customer can request removal of their data per the contractual terms.
AI data handling
AI features run on the Microsoft Azure OpenAI Service. Microsoft does not use customer content sent through Azure OpenAI to train its foundation models. AI processing is controlled per project. When AI is disabled for a project, no test data from that project is sent to AI models. Configure this with the Enable AI Insights toggle in Project Settings, described in AI Controls.Report a vulnerability
Report suspected vulnerabilities to support@testdino.com. Reports are acknowledged within two business days. TestDino requests 90 days of confidentiality while a fix is developed and released.Related
Data Privacy Overview
What data is collected, protected, and retained
Data Retention
Retention periods and GDPR data rights
Data Redaction
How secrets are removed from traces and artifacts
Cloud Endpoints
Internet-facing services and firewall rules