Security at TestCaseAI
We take the security of your data seriously. Learn about the measures we take to protect your user stories, test cases, and account information.
Encryption in Transit and at Rest
All data is encrypted using industry-standard protocols. Communications are secured with TLS, and stored data is protected with strong encryption at rest. Your user stories and generated test cases are always protected.
Secure Authentication
We use secure session management that follows industry best practices. Passwords are hashed using strong one-way algorithms with unique salts. Email verification is required for all new accounts to prevent unauthorized access.
Access Controls and Least Privilege
Database and application access follows the principle of least privilege. Users can only access their own data—your projects and test cases are completely isolated from other users through enforced access policies.
Secrets Stored Securely
API keys, credentials, and other sensitive configuration values are stored securely using environment isolation. Secrets are never committed to version control or exposed in client-side code.
Data Isolation
Each user and team has isolated data storage. For Team plans, shared access is explicitly granted and controlled through membership verification, ensuring only authorized team members can access shared resources.
Monitoring and Alerting
We use comprehensive application monitoring to detect and respond to security incidents. Access logs are maintained for audit purposes while respecting user privacy. Anomalies trigger alerts for rapid response.
Backups and Recovery
Your data is automatically backed up with point-in-time recovery capabilities. Our infrastructure is designed for high availability with redundant storage to protect against data loss.
Responsible Disclosure
We welcome responsible vulnerability reports from security researchers. If you discover a security issue, please contact us at security@testcaseaiapp.com. We will respond promptly and work with you to address the issue.
Our Commitment
Privacy First
Your data is yours. We only access it to provide our service.
Best Practices
We follow industry-standard security practices and stay current.
Rapid Response
We take security reports seriously and respond promptly.
Contact Security
We take security seriously and appreciate responsible disclosure. If you believe you've found a security vulnerability in our service, please report it to our security team.
Response Time
We aim to acknowledge reports within 2 business days and provide a resolution timeline within 5 business days.
Suggested Subject Lines
- “Security disclosure: [Brief description]”
- “Vulnerability report: [Affected area]”
- “Security question: [Topic]”
Responsible Disclosure: Please allow us reasonable time to investigate and address any reported issues before disclosing them publicly. We are committed to working with researchers in good faith to resolve vulnerabilities.