Security is built into every layer of Testyn. We follow industry best practices for authentication, data storage, and infrastructure to keep your test data safe.
All traffic between your browser and Testyn is encrypted with TLS 1.2 or higher. HTTP requests are automatically redirected to HTTPS.
Your data is stored in a PostgreSQL database hosted on Neon, which encrypts data at rest using AES-256. File attachments are stored on AWS S3 or compatible storage, also encrypted at rest.
Testyn enforces role-based access control at both the platform level (Admin / User) and the project level (Project Manager / Tester). Every API endpoint validates the caller's session and role before returning data. Users can only access projects they are members of.
Testyn is deployed on Vercel with automatic DDoS mitigation and edge security provided by Cloudflare. Database credentials and API secrets are stored as encrypted environment variables — never in source code.
If you discover a security vulnerability in Testyn, please report it privately before disclosing it publicly. Email us at testyn@expertsqa.com with a description of the issue and steps to reproduce it. We will acknowledge your report within 48 hours and aim to resolve confirmed vulnerabilities within 30 days.
We ask that you do not access or modify other users' data, run automated scanners against production systems, or disclose the vulnerability publicly until it has been resolved.
Security concerns or questions? Contact us at testyn@expertsqa.com.