General Terms & Conditions: Data, API, Incident Management, Monitoring, and Access Management

This article answers common enterprise compliance questions about how Testlify handles data, APIs, incident response, monitoring, logging, and access management.

Service Overview

1. What is Testlify's core offering?

Testlify is a talent assessment platform that helps businesses streamline their hiring process through structured, data-driven skill evaluations.

2. Does Testlify access or process sensitive customer information (SSN, account credentials, etc.)?

No. Testlify does not directly process or access sensitive customer information such as SSNs or account login credentials.

3. What sensitive data fields may be collected?

To support hiring decisions, Testlify may collect the following test-taker data — some fields are optional and collected at the client's discretion:

  • First Name and Last Name
  • Email and Phone
  • IP address
  • Browser settings (location, microphone & camera access)
  • Candidate snapshots, videos, and audio recordings (based on assessment configuration)

4. How do client systems interact with Testlify?

Clients interact with Testlify through the web application GUI, REST APIs, and customer support channels.

5. What types of APIs does Testlify provide?

Testlify offers REST APIs for all core services. Full documentation is available at docs.testlify.com.

6. How is Testlify hosted?

Services run on a dedicated cloud environment using AWS, Vercel, Heroku, and MongoDB Atlas.

7. Is infrastructure on shared or dedicated hardware?

Testlify runs on dedicated hardware — not a shared farm.

8. Where is the data center located?

The primary data center is in the Ireland, EU region.

9. Has Testlify had a security breach in the last 12 months?

No security breaches have occurred.

Monitoring

1. Are systems in place to monitor information processing and respond to irregularities?

Yes. Testlify maintains monitoring systems and documented procedures to detect and respond to system irregularities.

2. Is a Network Intrusion Detection/Prevention System (IDS/IPS) in place?

Yes. A commercially available Network Intrusion Detection/Prevention System is fully implemented and operational.

3. Are all production network segments actively monitored?

Yes. All production segments of the network and systems are under active, continuous monitoring.

4. Is the service monitored 24×7 for security violations?

Yes. The service is monitored 24×7 for security violations.

5. Is there an uptime SLA?

Yes. Testlify provides a Service Level Agreement (SLA) with a guaranteed uptime of 99.95%.

6. Are performance metrics available to customers?

Yes. Performance metrics can be shared upon customer request at an additional fee.

Logging

1. Does Testlify maintain system, application, and security logs?

Yes. Testlify maintains system, application, and security logs.

2. What information do these logs contain?

Logs include: activity records, errors, start and finish timestamps, information security events, and activities by users, system administrators, and operators.

3. How long are logs retained?

Logs are retained for 30 days.

4. Is log access restricted?

Yes. Access to system and application logs is restricted to authorized personnel only.

5. Can logs be provided for monitoring or investigation?

Yes. Logs can be made available upon request at an additional fee.

6. Do logs contain sensitive PII in plaintext?

No. Logs do not contain sensitive PII in clear text.

Incident Management

1. Is there a documented incident reporting process?

Yes. Testlify has a documented process for reporting incidents, observed weaknesses, and suspected security threats.

2. Is there a 24×7×365 security incident response team?

Yes. A 24×7×365 security incident response team is in place with clearly defined and documented roles and responsibilities.

3. Are customers notified in the event of an incident?

Yes. The Incident Response Plan mandates customer notification in the event of an incident.

4. Is Root Cause Analysis (RCA) provided to customers?

Yes. Root Cause Analysis (RCA) is provided after incident resolution at an additional fee.

5. Is there a Disaster Recovery Plan (DRP) and Business Continuity Plan (BCP)?

Yes. Both a Disaster Recovery Plan and a Business Continuity Plan are in place. A high-level summary is available upon request at an additional fee.

6. Do changes include impact assessment and rollback procedures?

Yes. Every change is evaluated for potential operational impact, and rollback procedures are in place.

7. Is there sufficient redundancy for peak usage?

Yes. The cloud architecture includes redundancy and auto-scaling to maintain service continuity during peak usage.

8. What is the production release frequency?

Updates are released multiple times per week following a QA approval cycle. Critical security patches are applied immediately upon availability.

9. Are clients notified before impactful maintenance changes?

Yes. Clients receive email notification at least 3 days in advance of any scheduled maintenance that may impact the service.

API Management

1. Are there APIs to manage users and permissions?

Yes. APIs for managing users and permissions are available. See the full documentation at docs.testlify.com.

2. Are APIs available for all Testlify services?

Yes. APIs cover all services Testlify provides. See docs.testlify.com for the full reference.

3. Does Testlify support RESTful services?

Yes. Testlify fully supports RESTful services.

4. Is API documentation available?

Yes. Comprehensive API documentation is available at docs.testlify.com.

5. Are there APIs for retrieving reporting data?

Yes. APIs are available to retrieve candidate assessment report data. See docs.testlify.com for details.

6. Are there API governance limits or rate limiting?

Yes. Rate limiting is enforced to ensure fair usage and maintain system performance. See docs.testlify.com for specifics.

Data Storage & Processing

1. Is sensitive data securely destroyed before a system is decommissioned?

Yes. All sensitive information is securely deleted before any system is decommissioned or recommissioned.

2. Is Testlify GDPR compliant?

Yes. Testlify is fully GDPR compliant. All data is handled, stored, and processed in accordance with GDPR guidelines. See testlify.com/gdpr-compliance for details.

3. Can customers request their own data for reporting?

Yes. Customer data is available upon request at an additional fee.

4. Can Testlify vendor staff access customer data in an unencrypted state?

No. Vendor staff do not have access to unencrypted customer data.

5. Is customer data encrypted in transit and at rest?

Yes. Customer data is encrypted both in transit and at rest using industry-standard encryption protocols.

6. How often are production backups performed?

Production data backups are performed daily.

7. What customer data fields persist in the application?

Only non-sensitive, necessary fields such as user preferences and system configuration data persist in the application.

8. How is GDPR/CCPA compliance supported?

Testlify enforces strict data handling, processing, and storage policies. All data subject requests — access, rectification, and deletion — are fulfilled within the regulatory timeframe.

9. Are multiple environments provided?

Yes. Separate environments are available for development, staging, and production.

Access Management

1. Does Testlify support Single Sign-On (SSO)?

Yes. SAML-based SSO is supported for White Label plan customers and above.

2. Can users be provisioned through external identity providers (IDPs)?

Yes. User provisioning through external identity providers (IDPs) is supported.

3. Are user permissions managed via roles or groups?

Yes. Permissions are managed via roles — Admin and Member — which can be provisioned at account creation.

4. Can user accounts be activated, deactivated, or deleted?

Yes. User accounts can be activated, deactivated, or deleted upon termination.

5. Is just-in-time (JIT) account creation supported?

Yes. Just-in-time (JIT) account creation is fully supported.

Need help? Contact support.
