Trust Centre

Security and data protection built into every workflow.

AxonQA is designed to protect your projects, requirements, test cases, automation code, screenshots, reports, API data, and AI-assisted workflows.

TLS in transitAES-256-GCM at restSigned artifact URLsAudit-logged AI actions
Trust centre · Audit trail
Liveevery action recorded
Viewed run report
product-owner@acme.com
Accepted a healed locator
qa-lead@acme.com
Requested a signed artifact URL
ci-bot
Blocked: not in this organization
guest@other.com

Trust principles

The principles behind the platform.

Clear commitments, applied consistently across test creation, automation, API testing, and every AI-assisted workflow.

Data ownership

Your projects, tests, automation code, and artifacts remain your data. They are never sold and never used to train AI models.

Task-based AI

Every AI feature sends only the context needed for the selected task, nothing more.

Data minimisation and secret scrubbing

Secrets and PII are stripped from content before any AI call leaves the platform.

Encrypted credentials

Integration tokens and test credentials are encrypted at rest with AES-256-GCM.

Encryption in transit

All traffic between your browser, the platform, and your integrations is protected with TLS.

Protected artifacts

Screenshots and videos are tenant-isolated and served only through short-lived signed URLs after an authorisation check.

Access controls

Organisation-scoped data isolation keeps tenants separated, with role-based access controls inside each organisation.

Audit trails

Assistant actions, MCP tool calls, and API-testing security events such as production-run confirmations and secret access are all logged.

Local agent for private apps

The local agent is outbound-only, pairs with one-time codes, and stores device keys hashed. No inbound ports are ever opened.

Session protection

Short-lived sessions, sign-out-everywhere revocation, and verified email sign-up protect every account.

Protected access

Every artifact passes an access check.

Screenshots, videos, and traces are never public. Each request is checked against your organisation and role, then served through a short-lived signed link scoped to a single run, so access cannot be shared or replayed later.

  • Tenant isolationData is scoped to your organisation, and any request that reaches across a boundary is refused.
  • Authorisation on every requestAccess to a run and its artifacts is checked against your role before anything is served.
  • Short-lived signed linksArtifact URLs expire quickly and cannot be reused or shared to grant standing access.
Trust centre · Artifact access

Artifact requested

Run #4821 · checkout screenshot

Authorisation check

Organisation and role verified

Signed link issued

Scoped to this run only

Signed link lifetimeshort-lived

Access granted for this run only.

Our approach

How we think about your data.

Four commitments that shape how AxonQA is built and operated.

Your data remains yours

Your requirements, test cases, automation code, run results, and artifacts belong to you. We never sell your data, and we never use it to train AI models. It exists to serve your team and no one else.

AI with controlled context

AI features work on a task basis. Failure analysis, for example, uses the failed step and the context relevant to it, not your whole workspace. Secrets and PII are scrubbed before content reaches any model, and AI usage is metered per plan so consumption stays visible.

Private app support

Applications on private networks stay private. The AxonQA local agent runs inside your environment and connects outbound only, so there are no inbound ports to open and no public exposure. Pairing uses one-time codes, and device keys are stored hashed.

Human control

AI accelerates the work while people stay in charge. Generated tests, healing fixes, and risky assistant actions are reviewable, the assistant asks a clarifying question instead of guessing, and destructive actions always require your explicit confirmation.

Security FAQ

Common questions, answered directly.

Straight answers about how AxonQA handles your data, your applications, and AI.

No. Your projects, requirements, test cases, automation code, and results are never used to train AI models. Content sent to AI providers is used only to complete the task you requested, and nothing else.

Questions about security?

We are happy to walk your team through how AxonQA protects your data, and to share our security documents.