The Tesults terms of service documentation includes details on security. Here are highlights we think are important you should know about:
Although the Tesults service is generally used for storing test or fake data, security across the Tesults service including data storage and transmission is taken seriously and treated with the highest priority.
The Tesults service stores data in data centers located within the Unites States on infrastructure provided by Amazon Web Services. Industry standard technical security measures and best practices are applied and implemented throughout the entire architecture of the service. These measures are reviewed periodically to keep security measures up-to-date. Stored data never leaves the United States based data centers unless your team makes requests for your data outside of the United States in which case data may be stored temporarily (cached) on CDNs (Content Delivery Networks) around the world as well as your browser. All communications to the Tesults service are encrypted by TLS, all communication is made using the HTTPS protocol end-to-end, including viewing data and uploads of results data. This includes all results APIs and language specific API libraries.
Data is encrypted in transit as outlined above. All data related to authentication is encrypted at rest within Tesults databases. All payment related data is stored by Stripe, a PCI compliant third party payment processor certified to PCI Service Provider Level 1.
Two-factor authentication (2FA) is available and can be enabled for all Tesults users.
All internal and external APIs are protected through authentication.
Roles offer customized permission levels for team members added to Tesults projects. By default all added members other than the project owner are granted level 1 access, the least permissive role (the owner is the creator of the project unless ownership is transferred manually). We recommend promoting team members to higher level roles only as necessary, especially to level 4 (Officer) role where payment details can be edited (though even level 4 users are unable to view payment details so there is never a danger of payment card details being leaked, this sensitive data is never displayed or transmitted in any API fetch, only the last 4 digits of a card and the expiry date can ever be retrieved by authenticated level 4 role users).
Contact support at firstname.lastname@example.org if you have questions about data storage and security, your request will be routed to a member of staff who can provide detailed technical responses to specific requests.