Security & Trust

Built for zero tolerance. Secured like it.

TestLauncher serves industries where a single failure has real consequences — so security, privacy, and compliance are foundational, not features. This page summarizes how we protect your data and where we stand on certifications.

Compliance

Certifications & standards

Our formal certification program is underway. We report status honestly and update this page as attestations complete.

  • SOC 2 Type II In progress

    Independent attestation of our security, availability, and confidentiality controls.

  • ISO/IEC 27001 In progress

    Information security management system certification.

  • ISO 9001 In progress

    Quality management system certification.

  • GDPR Aligned

    Data protection practices aligned with the EU General Data Protection Regulation.

Platform vs. company. The above is TestLauncher's own posture. Separately, the platform helps your regulated programs generate evidence for FDA 21 CFR Part 11, GAMP 5 / CSA, and ISO regimes — see the product suite.
How we protect data

Security practices

Encryption everywhere

Data encrypted in transit (TLS) and at rest. Secrets are managed, never hard-coded or exposed client-side.

You own your data

Your quality and business data stays yours, governed by you. Ownership is the foundation of the platform, not an afterthought.

Least-privilege access

Role-based access control and the principle of least privilege across systems, with auditable access reviews.

Continuous security testing

Security scanning and review are part of the same pipeline as quality and performance — one source of truth.

Vendor & subprocessor diligence

Subprocessors are vetted and bound by confidentiality and data-protection obligations.

Incident response

A defined process to detect, respond to, and communicate about security incidents.

Data protection & privacy

You own your data, and we process it under our Privacy Policy. A Data Processing Addendum and current subprocessor list are available to customers on request. We collect the minimum necessary and retain it only as long as needed.

Responsible disclosure

Found a vulnerability? Please report it to security@testlauncher.com. Our machine-readable security contact is published at /.well-known/security.txt (RFC 9116). We investigate every good-faith report and will not pursue action against researchers who act responsibly.

Accessibility

We are committed to making testlauncher.com usable by everyone and aim to conform to WCAG 2.2 Level AA. The site uses semantic HTML, keyboard-navigable controls, visible focus states, sufficient color contrast, and respects reduced-motion preferences. If you encounter a barrier, email hello@testlauncher.com and we'll work to fix it.