Protecting customer data is our top priority. We understand that you are trusting us with your data and we take the responsibility of securing it very seriously.
We're fully GDPR compliant. We're ourselves based in the EU and have worked on and verified the details of our GDPR implementation with many large European companies who trust us with their customer data.
If you want, individuals must give consent to the personal data processing. Such request should be given in clear and plain language, and it can be withdrawn later. Usually this takes place before the individual and his/her data ends up on TestFreaks platform, but TestFreaks can help manage this process by storing record of consent, including what version of the term the user gave consent to, and asking for additional consent when necessary. TestFreaks makes it easy for users to opt-out from additional processing and communication. Many customers will apply GDPR's weighing of interests for the common use cases.
TestFreaks will notify its customers without undue delay when becoming aware of a data breach relating to individual data or other sensitive data. TestFreaks will also notify supervising authority and data subjects in accordance with relevant regulations.
Under GDPR, individuals can get access to the personal data stored about them free of charge. TestFreaks is compliant, and can manage the direct contact with individuals, or by providing the data through the data controller.
GDPR also entitles individuals to have the his/her personal data erased. Again, TestFreaks implements this either with direct contact, or through the data controller.
TestFreaks allows fine-grained control over how data is automatically deleted or anonymized.
We provide multiple user roles with different permissions levels within the platform. It's possible to assign roles that limit visibility of Personally Identifiable Information (PII).
We have a standard Data Processor Agreement, but are happy to sign custom versions for enterprise customers.
The TestFreaks platform is designed to be secure and reliable.
Our application is hosted and managed within Amazon Web Services (AWS) secure data centers in Stockholm, Sweden. These data centers have been accredited under ISO 27001, SOC 1, SOC 2 and other standards. We make extensive use of the capabilities and services provided by AWS to increase privacy and control network access throughout our system.
For more information about AWS security and compliance, see their AWS Cloud Compliance documents.
For day to day access by TestFreaks employees, TestFreaks is implementing a version of Google’s Zero Trust, as described on BeyondCorp. TestFreaks employees should be able to work successfully from untrusted networks without the use of a VPN. Connecting from a particular network does not give automatic access, and all access to services must be authenticated, authorized and encrypted.
We maintain secure backups of important data and perform regular backup restoration tests.
Any restricted data is encrypted and/or stored in highly secure facilities.
All our web and API traffic is served over HTTPS. We redirect users from HTTP to HTTPS.
SFTP is used for non-HTTPS file transfers.
TestFreaks has developed best-practice security policies covering a range of topics. These policies are kept up to date and shared with employees. TestFreaks is currently in the process of implementing and getting certified under ISO 27001.
Our Business Continuity Plan is kept up to date and covers disruptions to our office, infrastructure and platform.
All employees have signed confidentiality agreement with TestFreaks.
All employees complete security awareness training and code of conduct training on regular basis.
If you have any concerns or discover a security issue, please email us at firstname.lastname@example.org and we will quickly investigate.
© 2020 TestFreaks AB. All rights reserved. Various trademarks held by their respective owners.