Test Data Privacy (Artillery Cloud)

[diegolatorre16]

Cordial greetings, we have been testing the Artillery tool and we liked it very much. Recently, we explored the Artillery Cloud functionality for data visualization on the dashboard. We have found this functionality to be particularly valuable, however, we have some concerns about the data privacy of these tests.

We have been reviewing the following link:
https://www.artillery.io/terms/privacy

And as we understood, it talks about the handling of personal information (Name, Email, Payment information). However, nothing is mentioned about the information corresponding to the metrics that are sent to Artillery Cloud (with --record). Where can we see information about the privacy of this data, what is the handling of this information, where is this information stored?
Thank you very much for your help

[hassy]

Hi @diegolatorre16 👋 Artillery Cloud is hosted in the EU (AWS Ireland). We are certified as SOC 2 Type I compliant following an external audit. We have a number of relevant policies in place to support SOC 2 compliance, including an Information Security Policy and a System Access Control Policy. These are only shared internally at the moment, but we provide a copy of our SOC 2 Type I report by request to all paying customers (as well as a copy of an attestation letter from our most recent pen test). But in summary: we have a set of formal policies, controls, and practices for the appropriate access control and protection of all customer data such as: use of MFA, least-privilege access policies, auditable access logs, and role based access controls to all systems and infrastructure.