Compliance and security
All about Octomind data access and governance
No access to source code needed
We operate by simulating a real user interacting with your web app, using your app’s DOM to identify actions like clicks or text inputs. We are also using screenshots of your web app. This doesn’t require access to your source code. We are only seeing the parts of your app which are exposed to your users.
Data retention policy
We ensure that all user data related to tests is deleted after 6 weeks, with the exception of essential user profiles that facilitate service continuity.
All data is processed solely for the intended purpose of delivering and improving our services, and we strive to uphold the principles of data minimization, purpose limitation, and security. To ensure clients’ needs are fully met, we are open to discussing any specific privacy or security concerns and are happy to sign a mutual NDA if needed.
No training and sharing with third parties
Our solution only uses input data for the purpose of composing, running, and maintaining test cases. We do not use this data to train our solution, nor do we share input or output data with third-party companies outside of our standard service providers, such as AWS, Azure or GCP, which are necessary for infrastructure purposes.
Human inspection
Human inspections of input or output data are not systematically conducted unless explicitly requested for support purposes. In such cases, only authorized support personnel have access, solely for the specific purpose of resolving issues. We analyze system failures, especially if our AI agent encounters difficulties during test case creation. These inspections are limited to individual test cases or specific steps within test cases and are carried out only by authorized support personnel.
GDPR / CCPA compliance
The Octomind application is not GDPR or CCPA relevant since we are not collecting any user data (privacy relevant or not). You can strictly run Octomind on test data to make sure you are not violating your own compliance requirements.
Learn more about our privacy policy here.
CI/CD Integration
Our GitHub and Azure DevOps integrations are bi-directional. They trigger test runs and comment results back into your pull requests. They require comment permissions only. Please check out the respective section (GitHub, Azure DevOps) in our documentation for more details.
Other integrations into Vercel, Jenkins or the curl command are not able to comment back. Hence they do not need permissions.
Exclude Octomind agent runs from your user metrics
In case you need to exclude our agent from your metrics, you can easily do this by excluding any browsers with a user agent which includes "octomind".
Three IP addresses
If you need to set your firewall to allow our agent to access your web app, please allow our IP addresses: 35.192.162.70, 34.159.153.198 (Europe proxy) or 34.129.193.156 (Australia proxy).
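A user agent string is set by the client, so metrics filtering is more reliable when the "octomind" marker is checked together with the three source addresses above. The following Python is an added example, not Octomind code: it assumes access logs in Combined Log Format with the real client IP in the first field, the function names are hypothetical, and the sample lines (including their user agent strings) are constructed.

```python
import ipaddress
import re
from collections import Counter

# The three addresses and the user agent marker are the ones listed on this page.
OCTOMIND_IPS = {ipaddress.ip_address(a) for a in
                ("35.192.162.70", "34.159.153.198", "34.129.193.156")}
UA_MARKER = "octomind"

# Combined Log Format: client IP is the first field, user agent the last quoted field.
# Assumption: the user agent contains no escaped double quotes.
LINE_RE = re.compile(r'^(?P<ip>\S+) .*"(?P<ua>[^"]*)"\s*$')

def classify(line):
    """Return 'agent', 'unverified-ua', 'user' or 'unparsed' for one log line."""
    m = LINE_RE.match(line)
    if not m:
        return "unparsed"
    try:
        ip = ipaddress.ip_address(m.group("ip"))
    except ValueError:
        return "unparsed"
    if UA_MARKER not in m.group("ua").lower():
        return "user"
    # The marker alone is only a claim; require a listed source address as well.
    return "agent" if ip in OCTOMIND_IPS else "unverified-ua"

def summarize(lines):
    """Count log lines per class, e.g. to drop 'agent' hits from user metrics."""
    return Counter(classify(line) for line in lines)

# Constructed sample input (documentation-range IPs for the non-agent clients).
SAMPLE_LOG = [
    '35.192.162.70 - - [01/Jan/2025:10:00:00 +0000] "GET /login HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64) octomind"',
    '34.159.153.198 - - [01/Jan/2025:10:00:02 +0000] "GET /cart HTTP/1.1" 200 734 "-" "Mozilla/5.0 Octomind"',
    '203.0.113.9 - - [01/Jan/2025:10:00:03 +0000] "GET / HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (Windows NT 10.0) Chrome/120.0"',
    '198.51.100.7 - - [01/Jan/2025:10:00:05 +0000] "GET /admin HTTP/1.1" 403 90 "-" "curl/8.0 octomind"',
    'not a log line',
]

if __name__ == "__main__":
    for name, count in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{name}: {count}")
```

Requests classified as "unverified-ua" carry the marker but come from an address not listed above, so they are worth reviewing rather than silently dropping from metrics.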
NDA option
If you want us to sign an NDA you can find all information in our NDA section.
Run Octomind tests locally
We provide an option to run test cases locally from your dev machine against any test target with an open source tool called Debugtopus. You can either run a single test case or all of them at once. To do so, please check out the run tests locally and debug section.
Since this component runs on your local machine, its code is open source so that you can audit it. Check out the Debugtopus repository on GitHub.