Security at TestBox

If I add my own data to TestBox, what happens to it?

The product instances in TestBox are live, production versions. That means your data is treated just as if you were using a live instance hosted by our partners.

Our partners have exceptionally strong security compliance:

  • Zendesk: SOC 2 compliant. Read more about it here.
  • Freshdesk: SOC 2 compliant. Read the announcement here and request more information here.
  • HubSpot: SOC 2 compliant. Read about and request more information here.

Why does TestBox collect information about me during onboarding and what do you do with it?

During the TestBox onboarding process, we collect a few details about you and the company you work for. We use this data for two purposes:

  • To register the products you’re testing through the TestBox platform. If you were to go through a salesperson or buy the product directly, you’d follow this same process. Also, it’s how we’re able to collect revenue from our partners and keep the TestBox platform free for your use. Our partners have assured us that your contact information will not be used for outreach by them or their affiliates.
  • To enable us to better customize your TestBox environment so that you have the best experience possible.

How secure is TestBox?

We take security very seriously at TestBox. Every day, we hear and read about security breaches and we would be absolutely mortified if we were to ever see such news about us. 

Here are some of the things we’re doing to mitigate the risks:

  1. All infrastructure and product-related secrets are stored in a secure, encrypted vault and never in our git repositories or locally — even if they’re only related to testing or running locally.
  2. Internally we enforce multi-factor authentication (MFA) where possible and strongly encourage it otherwise.
  3. We only grant permissions to individuals and infrastructure on a case-by-case basis. In the unlikely event of a breach, this ensures the perpetrator would have limited access, thus limiting any potential damage.
  4. We actively discuss internally how to best manage security of user data and privacy:
    • Security best practices. For example, at TestBox we use BitWarden, a password manager. BitWarden stores login details and other sensitive data in an encrypted format and allows each of us to create strong, unique credentials for every service we use. It also allows us to securely share sensitive information with each other without exposing the information to any other individual or service.
    • Phishing attacks and other types of personnel attacks. Everyone knows not to give out personal information about themselves or anyone else unless explicit permission is given.

Why does TestBox use a Chrome extension?

A Chrome extension overcomes a number of technical hurdles. It means we can offer you a vastly improved and faster experience, with access to features — such as commenting on the product capabilities you like or find challenging — that make trialing new software a breeze.

Does the TestBox extension collect any personal data?

Nope!

Does the TestBox extension track my browsing history?

Nope!

Does the TestBox extension have access to any other sites I visit?

The extension only has access to the sites listed on the extension page. All of these sites are strictly related to our partners, whose products you can test within TestBox. For example, the extension uses access to https://*.zendesk.com/* to run on subdomains of Zendesk.

Where possible, we further filter the Zendesk subdomains so that only those created through TestBox are accessed.

To view the list of sites TestBox can access:

1. Click on the TestBox extension in your Chrome browser and select Manage extensions.

The TestBox icon displayed in the Chrome toolbar. It may be read as "TestBox" by a screen reader.

2. In the Site access section, you'll see a list of sites the extension can access.

A list of websites that the TestBox extension has access to.

3. You can remove access to any of these sites by clicking the toggle button on the right, but keep in mind that the extension may no longer work correctly.

How can I avoid clashes with existing services?

If you already use one of the products we showcase on TestBox and you’re concerned that there might be clashes between your services and our extension, Chrome provides a useful work-around — you can create a new Chrome profile to use with TestBox.

Within this new profile, you can install the TestBox Chrome extension and it will not affect any website or services that you use outside of your TestBox profile.

To create a new Chrome profile:

1. In the top right of your Chrome browser, click the Profile icon.

Highlighting the "Profile" icon on Chrome's toolbar

2. Select + Add.

A screenshot of the user interface for adding a new user profile in Chrome

3. Follow the steps to create a profile to use while using TestBox.