Depending on what you mean; assuming it's the security angle:
TLDR; carefully
At a high level, most of our customers are testing in QA - not production - so usually the only proprietary information (outside of credentials to access it) we'd see is something they'd be releasing shortly anyway. However, we take security seriously;
Our infrastructure and code is heavily tested + reviewed before shipping, as well as externally audited yearly. Currently we're checked yearly for HIPAA, and from this have strong internal controls / processes, documentation and guidelines around access controls, how-things-are-done, and audited. Everything is encrypted at rest and transit (db, logs, images, etc). All the testing is done through our infra, recorded (video, kvm) and logged (http, https, dns, etc). Obviously we never re-use a VM, they're destroyed post use.
From the crowd side, they test using the same machines as automation uses (i.e. all the same logging levels as above). Additionally, each individual is KYC'd and signs an NDA with us before they can work. Enterprise, or folks needing BAAs have a sub-crowd with extra levels of KYC / other requirements.
Depending on what you mean; assuming it's the security angle:
TLDR; carefully
At a high level, most of our customers are testing in QA - not production - so usually the only proprietary information (outside of credentials to access it) we'd see is something they'd be releasing shortly anyway. However, we take security seriously;
Our infrastructure and code is heavily tested + reviewed before shipping, as well as externally audited yearly. Currently we're checked yearly for HIPAA, and from this have strong internal controls / processes, documentation and guidelines around access controls, how-things-are-done, and audited. Everything is encrypted at rest and transit (db, logs, images, etc). All the testing is done through our infra, recorded (video, kvm) and logged (http, https, dns, etc). Obviously we never re-use a VM, they're destroyed post use.
From the crowd side, they test using the same machines as automation uses (i.e. all the same logging levels as above). Additionally, each individual is KYC'd and signs an NDA with us before they can work. Enterprise, or folks needing BAAs have a sub-crowd with extra levels of KYC / other requirements.
We're currently early in starting being formally SOC 2, but it's not complete. More details here - https://go.rainforestqa.com/rs/601-CFF-493/images/Rainforest...