TestGrid Trust and Compliance Portal

We protect your testing infrastructure, execution environments, data, and artifacts through independently audited controls, customer-controlled environments, and strict physical and logical isolation.

Telecom

We Understand Trust Is Earned, Not Given. And Our Actions Prove It.

tests

20 Million+

Tests

Enterprises

100+

Enterprises

Countries

180+

Countries

Users

500,000+

Users

Compliance Framework and Independent Assurance

TestGrid operates within an independently audited and continuously monitored control environment. Our infrastructure security is supported by recognized standards and third-party assurance.

SOC 2 Type II

Our systems are regularly audited across the Security, Availability, and Confidentiality Trust Services Criteria. Detailed Type II reports and access to our live Vanta Trust Center are available under NDA to qualified enterprise procurement and security teams.

ISO/IEC 27001:2022

Our global Information Security Management System is certified to ISO/IEC 27001:2022. It governs how we conduct risk assessments and manage access controls, information assets, security policies, and operational procedures.

HIPAA Compliance

Our platform supports healthcare automation workflows and testing requirements in HIPAA-regulated environments. We apply controls designed to prevent sensitive electronic Protected Health Information (ePHI) from being unnecessarily captured, logged, or cached during test execution.

Our Approach to Security and Compliance

You can count on us to upload the highest standards of data privacy, reliability, and integrity through a unified suite of capabilities.

encrypt

Data Encryption

All of the data we deal with is encrypted both at rest and in transit using industry-standard protocols.

controls

Access Controls

We use the principle of least privilege so that only authorized personnel can access sensitive information.

monitoring

Continuous Monitoring

Our systems are monitored 24/7 to identify and mitigate potential real-time risks. Prevention is always better.

incident

Incident Response

A dedicated team and a documented response plan allow us to address cyber incidents swiftly.

Deployment Security Within Your Perimeter

TestGrid enables you to keep testing infrastructure, device access, and execution activity within your organization’s security perimeter.

Zero Third-Party Control Plane Access

We operate within zero-trust and fully air-gapped environments without routine connectivity to external vendor systems.

Zero Third-Party Control Plane Access

We provide isolated deployment configurations without default external dashboard connectivity or tracking mechanisms to AWS, GCP, or other public cloud environments.

On-Premises Deployment

We can host dedicated physical mobile devices, browsers, orchestration components, and execution infrastructure entirely behind your organization’s firewall.

Your Test Data Remains Under Your Control

TestGrid keeps test artifacts, execution data, and operational outputs within customer-controlled infrastructure.

Local Artifact Containment

In on-premises and isolated deployments, we store screenshots, execution recordings, console logs, scripts, and other test artifacts exclusively within customer-controlled local storage. TestGrid doesn’t transmit them to the cloud or public endpoints.

No External Control-Plane Routing

We don’t transmit platform telemetry, performance data, metadata, or management-plane traffic from the isolated environment to TestGrid central systems.

Blast-Radius Containment and Multi-Layer Isolation

TestGrid enforces strict physical and logical boundaries to ensure that if an application under test is compromised, the blast radius remains at zero.

Single-Tenant Infrastructure

We dedicate devices and execution infrastructure exclusively to your organization rather than drawing them from a shared public device pool.

Dedicated Execution Nodes

We statically bind execution nodes to your tenant ID so that they’re never shared with other TestGrid customers.

Device-Level Ephemerality

Every mobile device, emulator, and browser session runs within a deterministic, disposable lifecycle. Each session is isolated from other customers, test environments, and execution activity.

Cryptographic Wiping

Upon session termination, we completely wipe installed `.apk` and `.ipa` files, browser history, keychains, cookies, local storage, custom root certificates, and other session data. We use hardware-level resets and automated disk-scrubbing procedures to return the environment to a clean state before its next use.

TestGrid Enterprise vs. Traditional Vendor-Managed Mobile and Browser Clouds

Architectural AreaTestGrid EnterpriseTraditional Vendor-Managed Mobile and Browser Clouds
Control-Plane BoundaryWe can operate orchestration components entirely within your secure network.Orchestration commonly relies on continued connectivity to vendor-managed cloud services.
Deployment ModelWe support customer-hosted, on-premises, isolated, and air-gapped deployments.These platforms are typically delivered through SaaS or hybrid vendor-managed infrastructure.
Blast-Radius MitigationWe use physical and logical isolation to contain compromised applications and sessions within the execution environment.Isolation depends on the provider's shared-cloud architecture and tenant-separation controls.
Infrastructure TenancyWe can dedicate devices and execution nodes exclusively to your organization.Infrastructure may include shared or pooled resources, depending on the provider and service plan.
Telemetry HandlingWe keep logs, artifacts, telemetry, and metadata within your network.Operational and reporting data may be transmitted to vendor-managed monitoring and reporting systems.
Artifact StorageWe keep screenshots, videos, logs, and scripts within customer-controlled storage.Artifacts are commonly stored or processed within the provider's cloud environment.
Network ConnectivityWe support air-gapped deployments that operate without routine connectivity to external vendor systems.Continued vendor-cloud connectivity is generally required for orchestration and reporting.
AI Processing PerimeterWe support local AI processing within the customer environment where it is included in the deployment architecture.AI processing may rely on cloud-hosted services, third-party APIs, or vendor-managed processing environments.

Recognized by Industry Leaders

These acknowledgements reflect our continued commitment to platform quality, dependable service, and customer trust.

HAPPIEST USER
BEST RELATIONSHIP
BEST FEATURE SET
QUALITY
HAPPIEST
SOURCEFORGE
TOP RATED
Best of Georgia Nominee

Review TestGrid’s Security Posture

Protecting your data is a responsibility built into how TestGrid is designed, deployed, and operated. Speak with our team about the deployment model that aligns with your infrastructure and compliance requirements.

net

Frequently Asked Questions (FAQs)

01

How does TestGrid protect customer data?

plus

We protect customer data through encryption, role-based access controls, the principle of least privilege, continuous monitoring, and documented incident-response procedures. We also enforce multi-factor authentication for privileged and administrative access to our production systems.

02

What security and compliance standards does TestGrid maintain?

plus

We hold a SOC 2 Type II report covering the Security, Availability, and Confidentiality Trust Services Criteria. Our Information Security Management System is also certified to ISO/IEC 27001:2022. We support healthcare testing requirements in HIPAA-regulated environments.

03

Where is TestGrid hosted?

plus

Our hosted production platform operates within a US-based data center. We also offer on-premises and isolated configurations for organizations that need to keep testing infrastructure and execution activity within their own network perimeter.

04

Does TestGrid work in on-premises and air-gapped environments?

plus

Yes. We operate within on-premises, isolated, zero-trust, and fully air-gapped environments without routine connectivity to external vendor systems.

05

Where are test artifacts stored?

plus

In on-premises and isolated environments, we store screenshots, execution recordings, console logs, scripts, and other test artifacts exclusively within customer-controlled local storage. We don't transmit them to the TestGrid cloud or public endpoints.

06

Can devices and execution nodes be dedicated to one customer?

plus

Yes. We offer configurations in which physical devices and execution nodes are dedicated exclusively to your organization rather than shared through a public device pool.

07

What happens to session data after a test ends?

plus

Upon session termination, we wipe installed application files, browser history, keychains, cookies, local storage, custom root certificates, and other session data. We use hardware-level resets and automated disk-scrubbing procedures to return the environment to a clean state.

08

Are backups maintained and tested?

plus

Yes. We back up production databases daily using incremental and full backups. Backups are encrypted with AES-256, and restoration procedures are tested at least annually.

09

How can I access TestGrid's security and compliance documentation?

plus

Qualified enterprise procurement and security teams can request access to our SOC 2 Type II report, ISO/IEC 27001:2022 certificate, security overview, deployment architecture guide, and Vanta Trust Center under NDA.