TestDino GDPR Compliance Policy

Last updated: March 2026

TestDino, operated by Alphabin Technology Consulting, processes personal data in line with the EU General Data Protection Regulation (GDPR) and the UK GDPR. This page explains how we handle personal data, what rights you have as a data subject, and how to enter into a Data Processing Agreement with us. Our underlying security controls are independently audited under SOC 2 Type 2 and ISO 27001.

Controller and Processor

For Playwright test data uploaded by your team to TestDino, you (the customer) are the data controller and TestDino acts as the data processor. We process this data only on your documented instructions to deliver the Service.

For account data, billing information, and visitors to our marketing site, TestDino acts as the data controller and processes that information for the purposes described in our Privacy Policy.

Data We Process

On your behalf as a processor, TestDino ingests and stores Playwright test artifacts and CI metadata that you choose to upload, including:

  • Test names, file paths, and project metadata
  • Pass, fail, flaky, and skipped statuses with retry counts
  • Error messages, stack traces, and assertion diffs
  • Screenshots, videos, and Playwright trace files attached to tests
  • Console logs, network logs, and other Playwright artifacts
  • CI metadata such as branch, commit SHA, run number, environment, and tags

As a controller for account data, we process the email addresses, names, and organization information of users you invite to your TestDino workspace, plus standard service logs (IP address, user agent, timestamps).

Your Rights

Under the GDPR you have the right to:

  • Access the personal data we hold about you
  • Request rectification of inaccurate data
  • Request erasure (the "right to be forgotten")
  • Restrict or object to processing
  • Receive your data in a portable format
  • Withdraw consent at any time, without affecting prior lawful processing
  • Lodge a complaint with your local supervisory authority (e.g., the relevant EU Data Protection Authority or the UK ICO)

To exercise these rights, contact us at [email protected]. We will respond within one calendar month, as required by Article 12(3) of the GDPR.

Data Processing Agreement

Article 28 of the GDPR requires a written contract between a controller and a processor. TestDino offers a Data Processing Agreement (DPA) that incorporates the European Commission's Standard Contractual Clauses for international transfers. The DPA covers the subject matter of processing, sub-processor obligations, security measures, breach notification timelines, audit rights, and return or deletion of data on termination.

To request our DPA, email [email protected] with your company name and the name and title of the person who will sign on your behalf. We'll return a countersigned copy within 10 days.

International Transfers

Customer data may be processed and stored in regions outside the European Economic Area through our cloud infrastructure provider. Where transfers of personal data of EU or UK data subjects take place, we rely on the European Commission's Standard Contractual Clauses, incorporated into our Data Processing Agreement.

Sub-Processors

TestDino uses Microsoft Azure as its sub-processor for cloud hosting and data storage. Azure provides an independent SOC 2 attestation, and our review of that attestation is part of our annual vendor management process (audited under SOC 2 control CC9.2.1).

All sub-processors are bound by signed contracts that include confidentiality obligations, scope of services, compliance requirements, and applicable service levels (audited under SOC 2 controls CC9.2.2 through CC9.2.4). Notification procedures for changes to our sub-processor list are governed by the terms of the Data Processing Agreement signed with each customer.

Security Measures

Our technical and organizational measures (Article 32 of the GDPR) include encryption of data at rest and in transit, multi-factor authentication for production access, role-based access control with least-privilege defaults, network isolation through virtual private cloud and security groups, routine vulnerability scanning, documented incident response and disaster-recovery plans, background checks on personnel, and mandatory annual security awareness training. These controls are tested under our SOC 2 Type 2 audit. For the full list, see our Security page.

Data Retention and Deletion

TestDino maintains a documented Data Retention and Disposal Policy that defines retention periods, storage, and disposal procedures for sensitive, confidential, and personal information (audited under SOC 2 controls C1.1.1 and C1.2.1). Customer test data is retained for the duration of your subscription according to the limits of your plan.

On termination, customer data is securely deleted in accordance with the timelines stated in the DPA. If your account remains inactive for 60 days after plan cancellation, TestDino may delete the account and all associated personal data after notice. To trigger an earlier export or deletion, contact [email protected].

Breach Notification

TestDino operates a documented incident response process. In the event of a personal data breach, we will notify affected customers without undue delay and in accordance with the timelines and content requirements of Article 33 of the GDPR and the obligations set out in our Data Processing Agreement.

Contact

For DPA requests, data subject rights, sub-processor questions, or any other GDPR-related matter, contact [email protected]. See also our Privacy Policy, Terms & Conditions, and Security page.