TestRail Security Overview

TestRail uses robust security measures, which encompass both technical and organizational security controls.
  • Encryption
  • Incident Management
  • Network and System Integrity
  • Availability and Resilience
  • No data loss / information leaks
TestRail Security

Key facts about our security policy and server infrastructure

The security of our customers' personal information is very important to us. We use robust security measures that encompass both technical and organizational security controls to prevent data loss, information leaks, or other unauthorized data processing operations. TestRail incorporates encryption, incident management, network and system integrity, and availability and resilience requirements into its security program. Learn more about our security policy, methodology, and secure infrastructure by reviewing our security statement below.

24/7 Proactive Monitoring

All our systems are continuously monitored for security, availability and performance.

HTTPS Encryption

Communication with our servers is securely encrypted using TLS-based HTTPS protocols.

Automatic Updates

Benefit from full maintenance with automated system and application updates.

Professional Data Centers

We exclusively use leading data center providers with excellent physical security controls.

System and Data Backups

All our systems are regularly backed up for disaster recovery and system outages.

Data Protection

We are bound to the very strict German and European data protection laws.

High Availability

Full redundancy of all important systems and world-class data connectivity.

Database Isolation

Separation of customer data with database-level isolation and access permissions.

Access Permissions

Fine-grained access control via system permissions, roles, and network addresses.

AWS Compliance Logos

Recent Amazon compliances under their AWS Assurance Program. Please note that the above listed certifications apply to the AWS infrastructure only and don’t necessarily extend to applications such as TestRail using it. To learn more about up-to-date details, visit the AWS Assurance Program website.

TestRail Cloud now 100% based on Amazon AWS with full compliance

All new TestRail Cloud accounts are now 100% based on our new Amazon AWS backed infrastructure, following many industry best practices and using Amazon’s fully compliant and certified systems.

All our systems are designed with proactive failover across multiple data centers in the US, while complying with the strict EU data protection rules guaranteed under Amazon’s Safe Harbor compliance.

Amazon AWS has certified their infrastructure and/or is compliant with many industry standard policies under the AWS Assurance Program such as ISO, PCI DSS, SOC, FIPS and MPPA.

Trust, security and compliance

TestRail Enterprise delivers enterprise-grade security and compliance features to make it easy to comply with regulatory requirements and pass audits. Set a custom backup schedule on TestRail Enterprise Cloud to improve redundancy while minimizing disruption, or self-host TestRail Enterprise Server for full control over network access and data residency.

What we’re doing to keep your data and our infrastructure safe and to ensure fast and effective responses to security issues.

Methodology

The security and safety of customer data, our applications, and the supporting infrastructure is our top priority. We achieve a high level of security by following industry best practices and regularly reviewing and improving our security policies and processes.

Our staff is trained and briefed to ensure that our security policy is executed thoroughly across all disciplines and teams, including customer service, our software development team and infrastructure operations.

Network Security

Our network is protected by redundant firewalls and load balancers. Our data center providers employ additional constant performance and security monitoring of the used infrastructure. We monitor all systems 24/7 for availability and performance related incidents to proactively troubleshoot and resolve issues. Many of our servers and network equipment are designed in a redundant way with automatic active failover.

Application Security

Our applications feature robust security mechanisms and use or support encrypted storage of select data as well as backups and hashed passwords if applicable.

Data Isolation

We isolate customer data for TestRail server and cloud instances by using separate databases and user access for each customer. This and additional mechanisms ensure protection of sensitive customer information on the database level.

Physical Security

Our servers are hosted exclusively at professionally maintained and secured facilities from leading data center providers. All facilities feature various physical security mechanisms such as electronic access control systems, 24/7 monitoring of entrances, server rooms and vehicle access roads, as well as modern fire detection and UPS systems.

Transmission Security

All communications with TestRail cloud instances or our customer portal are encrypted using industry standard TLS-based HTTPS protocols. Our email systems also support TLS in order to encrypt and deliver email securely between servers. The TestRail server edition also supports TLS-based HTTPS protocols for the application as well as email delivery. The use of HTTPS is also supported and encouraged for integrations with third-party systems.

Development Practices

Our teams follow industry best practices to achieve a high level of security in our code and infrastructure. To ensure high code quality, we employ regular code reviews, track changes rigorously, and train team members on common relevant attack vectors. We also maintain our own secure framework as part of our stack to limit third-party dependencies and to manage critical code in a central place.

Vulnerability Management

Our applications and the supporting infrastructure are frequently reviewed for potential security issues.

Our documented disclosure policy and our vulnerability management ensure efficient and fast responses to security issues and incidents.

Access Control

All access to data within TestRail is governed by access rights and user authentication. Operations and customer service policies follow many industry best practices to limit access to customer data. Additionally, customers can restrict access to TestRail users based on various permissions, roles and network addresses.

Privacy

We are bound to the very strict German and European data protection laws such as the German Federal Data Protection Act and the General Data Protection Regulation (“GDPR”). To learn more about our commitment with GDPR, please visit our GDPR webpage. Personal information and customer data is stored and processed only to provide and optimize our applications, services and offerings.

Reporting Security Issues

Keeping customer data safe and our infrastructure secure is our top priority. Your input and feedback on our security is highly appreciated. Please contact us here with urgent and security-related requests and provide us with a secure way to respond.

Disclosing security issues

If you discovered a security issue that might impact our products or infrastructure, please let us know. We will acknowledge your report, provide a way to track the issue and start investigating the problem immediately. Once the issue has been resolved we’ll post a security update along with credits if applicable.


Please do not publicly disclose any problems without coordinating with us, so we can ensure that all customer accounts and instances have been secured first. We answer all requests within one business day.

Quick contact details

Note for security researchers

Please do not run any automated scanning or tests against our live infrastructure without our permission. To verify TestRail, please download a copy for your own server instead.

Also do not perform any load/capacity testing. Do not access other accounts, customer data or modify records during testing.

Build quality processes and release with confidence