GDPR Compliance

We're fully GDPR compliant. We're ourselves based in the EU and have worked on and verified the details of our GDPR implementation with many large European companies who trust us with their customer data.

Consent and Weighing of Interests

If you want, individuals must give consent to the personal data processing. Such request should be given in clear and plain language, and it can be withdrawn later. Usually this takes place before the individual and his/her data ends up on TestFreaks platform, but TestFreaks can help manage this process by storing record of consent, including what version of the term the user gave consent to, and asking for additional consent when necessary. TestFreaks makes it easy for users to opt-out from additional processing and communication. Many customers will apply GDPR's weighing of interests for the common use cases.

Breach Notification

TestFreaks will notify its customers without undue delay when becoming aware of a data breach relating to individual data or other sensitive data. TestFreaks will also notify supervising authority and data subjects in accordance with relevant regulations.

Right to Access

Under GDPR, individuals can get access to the personal data stored about them free of charge. TestFreaks is compliant, and can manage the direct contact with individuals, or by providing the data through the data controller.

Data Erasure

GDPR also entitles individuals to have the his/her personal data erased. Again, TestFreaks implements this either with direct contact, or through the data controller.

Data Minimisation and Privacy By Design

TestFreaks allows fine-grained control over how data is automatically deleted or anonymized.

Granular access control

We provide multiple user roles with different permissions levels within the platform. It's possible to assign roles that limit visibility of Personally Identifiable Information (PII).

DPA

We have a standard Data Processor Agreement, but are happy to sign custom versions for enterprise customers.

TestFreaks architecture

The TestFreaks platform is designed to be secure and reliable.

Amazon AWS

Our application is hosted and managed within Amazon Web Services (AWS) secure data centers in Stockholm, Sweden. These data centers have been accredited under ISO 27001, SOC 1, SOC 2 and other standards. We make extensive use of the capabilities and services provided by AWS to increase privacy and control network access throughout our system.

For production servers, TestFreaks is using the AWS best practices as described by AWS Security and Securing EC2.

For more information about AWS security and compliance, see their AWS Cloud Compliance documents.

Backup

We maintain secure backups of important data and perform regular backup restoration tests.

Encryption

Any restricted data is encrypted and/or stored in highly secure facilities.

HTTPS

All our web and API traffic is served over HTTPS. We redirect users from HTTP to HTTPS.

File and feed transfers

SFTP is used for non-HTTPS file transfers.

Policies and controls

TestFreaks has developed best-practice security policies covering a range of topics. These policies are kept up to date and shared with employees. TestFreaks is planning to implement and getting certified under ISO 27001.

Business continuity

Our Business Continuity Plan is kept up to date and covers disruptions to our office, infrastructure and platform.

Confidentiality

All employees have signed confidentiality agreement with TestFreaks.

Training

All employees complete security awareness training and code of conduct training on regular basis.

Disclosure

If you have any concerns or discover a security issue, please email us at security@testfreaks.com and we will quickly investigate.