AI Test Case Generator for Azure DevOps | Data Security and Privacy FAQ
Updated over a month ago

Extension Permissions

1. Are there opportunities to minimize or eliminate certain permissions while maintaining full functionality?

No, each permission is essential for the app to function properly. These permissions have been tested and verified as the minimum needed for the AI Test Case Generator to work as intended.

2. Does the app adhere to Azure DevOps’ best practices for permission management to ensure the least privileged access?

Yes, the app has been thoroughly tested to ensure that it follows the principle of least privilege. Permissions were systematically removed during testing to confirm that only essential permissions are requested.

Data Access and Security

4. What type of Azure DevOps data does the app access, and what data is collected or processed?

The app accesses the information within work items to generate test cases. Specifically, it processes the Title and Description fields. Users have the option to configure up to 3 additional fields for the app to access and process.

5. How does the app handle sensitive data, and what measures are in place to ensure its protection during transmission and at rest?

All data accessed by the app is considered sensitive and is protected during transmission using HTTPS and SSL protocols. The app does not store data outside of the Azure DevOps instance, so data protection at rest is handled within the instance itself.

6. What encryption protocols are used for data storage and transmission?

The app uses HTTPS and SSL encryption to secure data during transmission. Since the app does not store any data, no encryption is required for storage.

7. Is the app regularly reviewed for security vulnerabilities or risks?

Yes, we conduct regular security reviews and use sophisticated security analysis tools to ensure that our platform remains secure and up to date with industry best practices.

Privacy Concerns

8. What personal information does the app collect, and how is this data used or stored?

The app does not collect or store any personal information unless you subscribe to a plan. Only minimal personal information essential to provide a subscription is stored in our billing system, and information to identify and verify an active subscription is stored in our backend systems using best practices and secure components provided by Microsoft Azure.

9. Is there an option for users to opt out of certain data collection?

No, as the app does not collect any non-essential personal data, there is no need for an opt-out process.

10. What is the app’s data retention policy, and how is data securely disposed of after the retention period?

Since the app does not collect or retain any data, there is no retention or disposal policy required. Billing and subscription data is kept in accordance with applicable law and accounting practices.

General Security & Compliance

11. Has the app undergone a security assessment to ensure it meets necessary security and privacy standards?

Yes, the app undergoes regular internal security assessments to ensure compliance with industry standards. We also employ continuous monitoring and alerting for potential security issues.

12. How does the app ensure compliance with regulations such as GDPR or other data protection laws?

The app is stateless and does not retain any of the data it processes. Therefore, all data is protected by the Azure DevOps instance, which ensures compliance with GDPR and other similar data protection laws.

13. Are there any additional assurances you can provide regarding data security and privacy?

We are committed to maintaining a high standard of data security and privacy. If you have any further questions or concerns, feel free to reach out, and we will be happy to provide additional details or clarifications.

14. Which locations are involved in data processing?

Data processing takes place in the United States, while our backend infrastructure is hosted in the Australia region. This ensures that data is handled securely in compliance with regional security standards and regulations.

15. Do you provide SOC 2 or ISO 27001 certificates?

We currently do not hold SOC 2, ISO 27001, or PCI compliance certificates ourselves. However, the technology vendors we work with, including those providing AI and LLM models, are fully compliant with these standards. We ensure that the vendors in our tech stack, such as those offering infrastructure services and AI capabilities, adhere to the highest security and compliance standards.

You can visit the trust centers of our key technology partners for more information on their certifications and compliance:
