Security

TestSurge's infrastructure and processes are built to SOC2 standards covering security, availability, and confidentiality. We undergo regular internal audits and are preparing for formal SOC2 Type II certification as we scale.

Enterprise and Team plans support single sign-on via Google Workspace, so your team can log in with existing corporate credentials. SAML-based SSO for other identity providers is available on request.

Admins can assign granular roles — Admin, Editor, Viewer — to control who can generate, edit, export, or manage billing. Audit logs track who changed what and when, giving you full visibility into team activity.

All data in transit is encrypted with TLS 1.2+, and all data at rest is encrypted using industry-standard AES-256. Story content and generated test artifacts are encrypted in our database and backups.

We never sell, rent, or share your story content or account data with third parties for advertising or any other purpose. Your data is used only to provide and improve the TestSurge service for you.

For organizations with strict data-residency requirements, TestSurge offers an on-premises deployment option on the Team and Enterprise plans, keeping your story data fully within your own infrastructure.