RegressionBot.com

Security Practices

At RegressionBot, we consider the security of your test data and applications to be our highest priority. We employ rigorous standards specifically designed for handling visual testing assets.

Infrastructure & Encryption

RegressionBot runs entirely on a modern, serverless architecture within Amazon Web Services (AWS). We leverage best practices including IAM roles with least privilege, encrypted data stores, and isolated networking.

All data in transit between your environments and RegressionBot is encrypted using TLS 1.2 or higher. Data at rest, including captured DOMs, assets, screenshots, and test metadata, is encrypted using AES-256 encryption.

Data Isolation & Multi-Tenancy

We use a strict multi-tenant architecture. Every organization is assigned an isolated namespace. Screenshots, baselines, DOM snapshots, and test results are stored in S3 and DynamoDB with strict partitions that prevent cross-tenant access. Access controls are rigorously enforced at the application layer.

Data Masking for Stability

Visual testing inherently involves capturing the state of an application. To prevent false positives caused by dynamic or volatile content (like timestamps, ads, or live data feeds), we offer native data masking. By using our data-vr-mask attribute or passing explicit CSS selectors to the SDK, you ensure that these volatile DOM nodes are completely blanked out before any baseline comparisons are made, ensuring stable and reliable test results.

Data Retention & Destruction

RegressionBot retains visual validation data (Screenshots, captured DOM elements, CSS/JS assets) strictly to enable baseline comparisons, historical diff viewing, and automated maintenance. When an account or specific project is deleted, or when data falls outside of your plan's retention window, all associated visual assets and testing metadata are permanently destroyed.

Authentication & Access Control

RegressionBot utilizes secure, token-based authentication (JWT) backed by AWS Cognito. Programmatic API access requires generated API keys that are logically scoped to specific projects and can be instantly rotated or revoked by account administrators.

Reporting Vulnerabilities

If you discover a security vulnerability in RegressionBot, please responsibly disclose it by reaching out via our support portal. We are committed to working with the community to resolve issues promptly and safely.