> ## Documentation Index
> Fetch the complete documentation index at: https://docs.testdino.com/llms.txt
> Use this file to discover all available pages before exploring further.

# TestDino Security and Compliance

> TestDino is SOC 2 Type 2 and ISO 27001 certified, GDPR compliant, and hosted on Microsoft Azure with encryption in transit and at rest.

TestDino is SOC 2 Type 2 and ISO 27001 certified, GDPR compliant, and hosted on Microsoft Azure with encryption in transit and at rest. This page states the certifications, controls, and data-handling practices that back the platform.

## Quick Reference

| Topic                                                     | Summary                                                        |
| :-------------------------------------------------------- | :------------------------------------------------------------- |
| [Certifications](#certifications)                         | SOC 2 Type 2, ISO 27001, GDPR                                  |
| [Encryption](#encryption)                                 | AES-256 at rest, TLS 1.2+ in transit                           |
| [Hosting and infrastructure](#hosting-and-infrastructure) | Microsoft Azure, private networks, separate backups            |
| [Access control](#access-control)                         | Role-based, least-privilege, logged support access             |
| [AI data handling](#ai-data-handling)                     | Enterprise AI providers, no model training on customer content |
| [Report a vulnerability](#report-a-vulnerability)         | Acknowledged within two business days                          |

## Certifications

TestDino maintains independent third-party certifications covering security, availability, and confidentiality.

| Standard     | Scope                                   | Covers                                                                                 |
| :----------- | :-------------------------------------- | :------------------------------------------------------------------------------------- |
| SOC 2 Type 2 | Security, Availability, Confidentiality | Operating effectiveness of controls over time                                          |
| ISO 27001    | Information security management         | Risk-based ISMS with annual surveillance audits                                        |
| GDPR         | Data protection                         | Data Processing Agreement and Standard Contractual Clauses for international transfers |

A Data Processing Agreement is available for customers who require one. For audit reports or a signed DPA, email **[support@testdino.com](mailto:support@testdino.com)**.

## Encryption

Customer data is encrypted both in transit and at rest.

| State          | Method                                     |
| :------------- | :----------------------------------------- |
| In transit     | HTTPS with TLS 1.2 or higher               |
| At rest        | AES-256 via Azure platform encryption      |
| Key management | Azure-managed keys with automatic rotation |

## Hosting and infrastructure

TestDino runs on Microsoft Azure, a SOC 2-audited subservice provider with redundant power, networking, and storage.

* Production databases run in private virtual networks and are not exposed to the public internet.
* Automated backups are stored separately from production.
* Incident response procedures are documented and followed for security events.

## Access control

Production access follows role-based, least-privilege defaults.

* TestDino staff do not browse customer test data or traces in normal operation.
* Support access to a customer account requires the customer's permission and is logged.
* A customer can request removal of their data per the contractual terms.

For the full list of data categories TestDino collects, see [Access to Customer Data](/data-privacy/access-to-customer-data). For internet-facing services and firewall configuration, see [Cloud Endpoints](/data-privacy/cloud-endpoints).

## AI data handling

AI features run on enterprise AI providers under contractual terms that prohibit training their models on customer content.

AI processing is controlled per project. When AI is disabled for a project, no test data from that project is sent to AI models. Configure this with the **Enable AI Insights** toggle in [Project Settings](/platform/project-settings#ai-features), described in [AI Controls](/data-privacy/overview#ai-controls).

## Report a vulnerability

Report suspected vulnerabilities to **[support@testdino.com](mailto:support@testdino.com)**. Reports are acknowledged within two business days. TestDino requests 90 days of confidentiality while a fix is developed and released.

## Related

<CardGroup cols={2}>
  <Card title="Data Privacy Overview" icon="shield-check" href="/data-privacy/overview">
    What data is collected, protected, and retained
  </Card>

  <Card title="Data Retention" icon="clock-rotate-left" href="/data-privacy/data-retention">
    Retention periods and GDPR data rights
  </Card>

  <Card title="Data Redaction" icon="eraser" href="/data-privacy/data-redaction">
    How secrets are removed from traces and artifacts
  </Card>

  <Card title="Cloud Endpoints" icon="globe" href="/data-privacy/cloud-endpoints">
    Internet-facing services and firewall rules
  </Card>
</CardGroup>
