TestGrid Trust and Compliance Portal
We protect your testing infrastructure, execution environments, data, and artifacts through independently audited controls, customer-controlled environments, and strict physical and logical isolation.

We Understand Trust Is Earned, Not Given. And Our Actions Prove It.
20 Million+
Tests
100+
Enterprises
180+
Countries
500,000+
Users
Compliance Framework and Independent Assurance
TestGrid operates within an independently audited and continuously monitored control environment. Our infrastructure security is supported by recognized standards and third-party assurance.

SOC 2 Type II
Our systems are regularly audited across the Security, Availability, and Confidentiality Trust Services Criteria. Detailed Type II reports and access to our live Vanta Trust Center are available under NDA to qualified enterprise procurement and security teams.

ISO/IEC 27001:2022
Our global Information Security Management System is certified to ISO/IEC 27001:2022. It governs how we conduct risk assessments and manage access controls, information assets, security policies, and operational procedures.

HIPAA Compliance
Our platform supports healthcare automation workflows and testing requirements in HIPAA-regulated environments. We apply controls designed to prevent sensitive electronic Protected Health Information (ePHI) from being unnecessarily captured, logged, or cached during test execution.
Our Approach to Security and Compliance
You can count on us to upload the highest standards of data privacy, reliability, and integrity through a unified suite of capabilities.
Data Encryption
All of the data we deal with is encrypted both at rest and in transit using industry-standard protocols.
Access Controls
We use the principle of least privilege so that only authorized personnel can access sensitive information.
Continuous Monitoring
Our systems are monitored 24/7 to identify and mitigate potential real-time risks. Prevention is always better.
Incident Response
A dedicated team and a documented response plan allow us to address cyber incidents swiftly.

Deployment Security Within Your Perimeter
TestGrid enables you to keep testing infrastructure, device access, and execution activity within your organization’s security perimeter.
Zero Third-Party Control Plane Access
We operate within zero-trust and fully air-gapped environments without routine connectivity to external vendor systems.
Zero Third-Party Control Plane Access
We provide isolated deployment configurations without default external dashboard connectivity or tracking mechanisms to AWS, GCP, or other public cloud environments.
On-Premises Deployment
We can host dedicated physical mobile devices, browsers, orchestration components, and execution infrastructure entirely behind your organization’s firewall.
Your Test Data Remains Under Your Control
TestGrid keeps test artifacts, execution data, and operational outputs within customer-controlled infrastructure.
Local Artifact Containment
In on-premises and isolated deployments, we store screenshots, execution recordings, console logs, scripts, and other test artifacts exclusively within customer-controlled local storage. TestGrid doesn’t transmit them to the cloud or public endpoints.
No External Control-Plane Routing
We don’t transmit platform telemetry, performance data, metadata, or management-plane traffic from the isolated environment to TestGrid central systems.
Blast-Radius Containment and Multi-Layer Isolation
TestGrid enforces strict physical and logical boundaries to ensure that if an application under test is compromised, the blast radius remains at zero.
Single-Tenant Infrastructure
We dedicate devices and execution infrastructure exclusively to your organization rather than drawing them from a shared public device pool.
Dedicated Execution Nodes
We statically bind execution nodes to your tenant ID so that they’re never shared with other TestGrid customers.
Device-Level Ephemerality
Every mobile device, emulator, and browser session runs within a deterministic, disposable lifecycle. Each session is isolated from other customers, test environments, and execution activity.
Cryptographic Wiping
Upon session termination, we completely wipe installed `.apk` and `.ipa` files, browser history, keychains, cookies, local storage, custom root certificates, and other session data. We use hardware-level resets and automated disk-scrubbing procedures to return the environment to a clean state before its next use.
TestGrid Enterprise vs. Traditional Vendor-Managed Mobile and Browser Clouds
| Architectural Area | TestGrid Enterprise | Traditional Vendor-Managed Mobile and Browser Clouds |
|---|---|---|
| Control-Plane Boundary | We can operate orchestration components entirely within your secure network. | Orchestration commonly relies on continued connectivity to vendor-managed cloud services. |
| Deployment Model | We support customer-hosted, on-premises, isolated, and air-gapped deployments. | These platforms are typically delivered through SaaS or hybrid vendor-managed infrastructure. |
| Blast-Radius Mitigation | We use physical and logical isolation to contain compromised applications and sessions within the execution environment. | Isolation depends on the provider's shared-cloud architecture and tenant-separation controls. |
| Infrastructure Tenancy | We can dedicate devices and execution nodes exclusively to your organization. | Infrastructure may include shared or pooled resources, depending on the provider and service plan. |
| Telemetry Handling | We keep logs, artifacts, telemetry, and metadata within your network. | Operational and reporting data may be transmitted to vendor-managed monitoring and reporting systems. |
| Artifact Storage | We keep screenshots, videos, logs, and scripts within customer-controlled storage. | Artifacts are commonly stored or processed within the provider's cloud environment. |
| Network Connectivity | We support air-gapped deployments that operate without routine connectivity to external vendor systems. | Continued vendor-cloud connectivity is generally required for orchestration and reporting. |
| AI Processing Perimeter | We support local AI processing within the customer environment where it is included in the deployment architecture. | AI processing may rely on cloud-hosted services, third-party APIs, or vendor-managed processing environments. |
Review TestGrid’s Security Posture
Protecting your data is a responsibility built into how TestGrid is designed, deployed, and operated. Speak with our team about the deployment model that aligns with your infrastructure and compliance requirements.

Frequently Asked Questions (FAQs)
How does TestGrid protect customer data?
We protect customer data through encryption, role-based access controls, the principle of least privilege, continuous monitoring, and documented incident-response procedures. We also enforce multi-factor authentication for privileged and administrative access to our production systems.
How does TestGrid protect customer data?
We protect customer data through encryption, role-based access controls, the principle of least privilege, continuous monitoring, and documented incident-response procedures. We also enforce multi-factor authentication for privileged and administrative access to our production systems.
What security and compliance standards does TestGrid maintain?
We hold a SOC 2 Type II report covering the Security, Availability, and Confidentiality Trust Services Criteria. Our Information Security Management System is also certified to ISO/IEC 27001:2022. We support healthcare testing requirements in HIPAA-regulated environments.
What security and compliance standards does TestGrid maintain?
We hold a SOC 2 Type II report covering the Security, Availability, and Confidentiality Trust Services Criteria. Our Information Security Management System is also certified to ISO/IEC 27001:2022. We support healthcare testing requirements in HIPAA-regulated environments.
Where is TestGrid hosted?
Our hosted production platform operates within a US-based data center. We also offer on-premises and isolated configurations for organizations that need to keep testing infrastructure and execution activity within their own network perimeter.
Where is TestGrid hosted?
Our hosted production platform operates within a US-based data center. We also offer on-premises and isolated configurations for organizations that need to keep testing infrastructure and execution activity within their own network perimeter.
Does TestGrid work in on-premises and air-gapped environments?
Yes. We operate within on-premises, isolated, zero-trust, and fully air-gapped environments without routine connectivity to external vendor systems.
Does TestGrid work in on-premises and air-gapped environments?
Yes. We operate within on-premises, isolated, zero-trust, and fully air-gapped environments without routine connectivity to external vendor systems.
Where are test artifacts stored?
In on-premises and isolated environments, we store screenshots, execution recordings, console logs, scripts, and other test artifacts exclusively within customer-controlled local storage. We don't transmit them to the TestGrid cloud or public endpoints.
Where are test artifacts stored?
In on-premises and isolated environments, we store screenshots, execution recordings, console logs, scripts, and other test artifacts exclusively within customer-controlled local storage. We don't transmit them to the TestGrid cloud or public endpoints.
Can devices and execution nodes be dedicated to one customer?
Yes. We offer configurations in which physical devices and execution nodes are dedicated exclusively to your organization rather than shared through a public device pool.
Can devices and execution nodes be dedicated to one customer?
Yes. We offer configurations in which physical devices and execution nodes are dedicated exclusively to your organization rather than shared through a public device pool.
What happens to session data after a test ends?
Upon session termination, we wipe installed application files, browser history, keychains, cookies, local storage, custom root certificates, and other session data. We use hardware-level resets and automated disk-scrubbing procedures to return the environment to a clean state.
What happens to session data after a test ends?
Upon session termination, we wipe installed application files, browser history, keychains, cookies, local storage, custom root certificates, and other session data. We use hardware-level resets and automated disk-scrubbing procedures to return the environment to a clean state.
Are backups maintained and tested?
Yes. We back up production databases daily using incremental and full backups. Backups are encrypted with AES-256, and restoration procedures are tested at least annually.
Are backups maintained and tested?
Yes. We back up production databases daily using incremental and full backups. Backups are encrypted with AES-256, and restoration procedures are tested at least annually.
How can I access TestGrid's security and compliance documentation?
Qualified enterprise procurement and security teams can request access to our SOC 2 Type II report, ISO/IEC 27001:2022 certificate, security overview, deployment architecture guide, and Vanta Trust Center under NDA.
How can I access TestGrid's security and compliance documentation?
Qualified enterprise procurement and security teams can request access to our SOC 2 Type II report, ISO/IEC 27001:2022 certificate, security overview, deployment architecture guide, and Vanta Trust Center under NDA.
















