Absolute Security, Guaranteed
The privacy and security of your data are of utmost importance to us. Everything we do at BrowserStack reflects this philosophy.
BrowserStack is SOC2 compliant. We are audited regularly to check if your data is managed securely. Our SOC2 compliance also ensures that yours and your organization’s privacy is protected. Our SOC2 compliance extends to all products we provide.
- We comply with the 5 Trust Service Principles (TSP) which guarantee the security, availability, processing integrity, confidentiality, and privacy of your data.
- Our certification ensures that we monitor unusual system activity, authorized and unauthorized configuration changes, and user access levels.
- In the rare event of a security incident, we have proper alerting procedures in place so that we can take corrective actions in time.
HTTPS is a default implementation at BrowserStack. HTTPS means HTTP Secure or HTTP over SSL. It is the use of SSL (Secure Socket Layer) or TLS (Transport Layer Security) to encrypt all user communications with our servers.
- Every time you communicate with us, you are redirected through secure TLS (Transport Layer Security).
- Our HTTPS implementation guarantees the protection of the privacy and integrity of your data in transit.
- HTTPS is a bidirectional encryption that prevents eavesdropping and tampering of any communication.
BrowserStack is GDPR compliant. This means that in accordance with the General Data Protection Regulation (EU) 2016/679, we guarantee the protection of your data.
- GDPR compliance requires Data Privacy Impact Assesment (DPIA), employee training and policies in place for data retention, personal data collecting and processing, notices and consent.
- GDPR compliance covers all your account-related information and customer content.
- You can find a detailed report of our terms here.
Pristine Real Devices
Every device that you use through the BrowserStack Cloud is brand new. Each test is run on a phone with factory settings. Once your test is complete, every last bit of data is destroyed.
- After every use, we return the used device to its original factory settings.
- Our devices are stored in locations with stringent security, where access is highly restricted.
- Only authorized personnel can handle the devices, and for maintenance and upkeep only.
Privacy Shield Certification
BrowserStack is Privacy Shield Certified, governed by the US Department of Commerce, the European Commission, and the Swiss Administration. This covers cross-border data transfer from the EU to the US.
- Our Privacy Sheild Certification covers your personal data protection requirements.
- Once an organization is Privacy Shield Certified, the commitment becomes enforceable under US law.
- You can access our Privacy Shield Certification here.
Private Virtual Machines
We guarantee that every test runs on a tamper-proof virtual machine with original factory settings. Each machine is in a highly secure network, behind strong firewalls. Our users are not allowed to install any programs on the machines.
- After your tests are completed, all your data is destroyed.
- Every time user data is destroyed from a VM, it is also stripped of its registry contents, caches, cookies, and all running processes.
- As a fail-safe mechanism, every VM goes through a series of validation checks. VMs that fail even one check are immediately taken off the infrastructure.
Security of account information and usage logs
Your account information is encrypted before it is stored. We cannot view any of your credentials, even in the case of an emergency.
- Our data encryption and privacy policies apply to all payment details.
- Test history and log data are stored in a secure database on our cloud.
- A highly encrypted access mechanism grants data access to you and only you.
Destruction of browsing data
We guarantee that we have no way to view or store your browsing data. As soon as you log out, the smallest bits of user data are destroyed.
- Our restoration mechanism for remote mobile and desktop browsers is extremely thorough.
- We wipe out all browsing data as soon as a user’s session ends.
- The data erased include apps installed, temporary file caches, browsing history, cookies, passwords, testing logs, and downloads.
If you need to contact us with regard to any of your rights as set out in these policies, you can make a request by email to firstname.lastname@example.org.
* With the recent acquisition of Percy by BrowserStack, all our products are SOC2 compliant except Percy (Visual testing product), which is under the process of being SOC2 compliant.