Security and compliance at TestDino
Independently audited controls, encrypted data, and a security program built for Playwright teams that ship to production.
TestDino, operated by Alphabin Technology Consulting, holds an unqualified SOC 2 Type 2 opinion against the AICPA Trust Services Criteria for Security, Availability, and Confidentiality. We are also ISO 27001 certified and GDPR compliant. The product in scope is the TestDino test intelligence and observability platform for Playwright teams.
Certifications
SOC 2 Type 2
Certified
Independently audited by Percilchofe CPA LLC against the AICPA Trust Services Criteria for Security, Availability, and Confidentiality.
- Unqualified opinion across all tested controls
- Trust Service Criteria: Security, Availability, Confidentiality
- Available under NDA
ISO 27001
Certified
TestDino operates an Information Security Management System (ISMS) certified to the ISO/IEC 27001 international standard, covering risk management, controls, and continuous improvement.
- Risk-based information security management
- Annual surveillance and recertification audits
- Certificate available on request
GDPR
Compliant
TestDino processes personal data in line with the EU General Data Protection Regulation. We sign Data Processing Agreements with customers and provide standard contractual clauses for international transfers.
- Data Processing Agreement available on request
- Standard Contractual Clauses for EU/EEA transfers
- Right to access, rectification, erasure, and portability
SOC 2 Type 2 reports and ISO 27001 certificates are shared under a mutual NDA. We respond to access requests within two business days.
Data Protection
- All customer data is encrypted at rest and in transit using industry-standard encryption.
- Production databases are isolated within a private virtual network and not exposed to the public internet.
- Customer data is removed from TestDino systems on request or per contractual terms.
Access Control
- Role-based access control with least-privilege defaults across the production environment and source code.
- Multi-factor authentication is required for production console and Azure access.
- Access is reviewed at predefined intervals and revoked promptly when an employee or contractor leaves.
Infrastructure
- Hosted on Microsoft Azure, our SOC 2-audited subservice provider for data center services.
- Production systems sit behind a virtual private cloud with security groups acting as virtual firewalls.
- Infrastructure changes follow a documented SDLC with peer review and automated checks before release.
People
- Background verification checks on every employee and contractor before access is granted.
- Mandatory security awareness training at hire and annually thereafter.
- Confidentiality and acceptable-use obligations apply to everyone with access to customer data.
Operations
- Routine internal vulnerability scans and remediation workflows.
- Documented incident response process with defined roles, escalation, and customer notification.
- Disaster recovery and business continuity plans tested to restore service after extended outages.
Report a Vulnerability
If you believe you have found a security vulnerability in TestDino, email [email protected] with reproduction steps, affected endpoints, and any proof-of-concept material. We acknowledge reports within two business days and ask that you do not publicly disclose the issue until we've confirmed a fix.
For privacy and data-handling questions, see our Privacy Policy and GDPR page.