From day one, we’ve prioritized security for testing unreleased games. The result?
The most secure platform for remote playtesting

Built for AAA studios, secure for everyone.

Security, confidentiality and privacy compliance: We check all the boxes and make testing games in any stage of development safe and secure.
Trusted by the best
We have passed dozens of in-depth security assessments and vendor reviews by some of the largest game studios in the US, Europe and Asia, including multiple Fortune 500s.

Their verdict? PlaytestCloud is suitable for testing their most confidential assets in all stages of development.
Confidently compliant
We adhere to GDPR and other applicable privacy laws and regulations and support fully compliant playtesting with children under COPPA, GDPR and the UK Children’s Code.
Platform security
PlaytestCloud’s platform is built to be a secure and reliable place for your games user research.
Hosted securely
Our platform is securely hosted with the cloud providers Heroku, AWS and Google. Our data centers are SOC 2 and ISO 27001 certified and platform data is stored within the United States and Europe.
Data encryption
Platform data is encrypted at rest and in transit using 256-bit or higher encryption. Access to PlaytestCloud is TLS 1.2 or better encrypted with an A+ SSL Labs rating.
Annual penetration tests
Third-party penetration tests are conducted on all core parts of our platform, including our playtesting apps, annually. Contact us for our latest report.
Automated monitoring
Platform health and security are automatically monitored to ensure reliability and security for our customers and players.
Security framework
Our platform and organizational security processes follow industry standard security control frameworks and best practices and use hardened configurations.
Secure software development
We follow a secure software development process and make security considerations part of the design process. We employ automated tests, static code analysis, automated dependency vulnerability scans and have a vulnerability disclosure program.
Device and asset security
PlaytestCloud hardware is fully encrypted and secured by mobile device management and endpoint security software. We track hardware assets, implement a secure configuration process, and follow an access request and review process.
Confidentiality and security
All staff is subject to strict confidentiality agreements. We conduct annual information security and privacy training and provide additional role-specific security training.
Panel security
We implement industry leading security and fraud prevention measures to make your playtesting accurate and secure.
NDA
All players who participate in research on PlaytestCloud have to agree to a strict non-disclosure agreement. Contact us to have your own confidentiality agreement in place with players.
Panel approval
To maintain a diverse and reliable player panel we follow a comprehensive player qualification process that filters out fraudulent and unreliable players without introducing bias to our recruitment.
Fraud detection
Automated and manual review processes detect and exclude players who try to obscure their location through VPN use, attempt to use emulators or try to use multiple accounts. Our fraud detection methods are industry leading and are constantly updated.
Playtesting security
Technical, research operational and legal security layers work hand in hand to keep your playtests secure. Whether you’re testing a public game or your first prototype, we’ve got a secure solution for you.
Secure build distribution
PlaytestCloud handles the distribution of game builds (and other test assets) to players in a secure way. Build uploads are encrypted in transit and builds on our servers are encrypted-at-rest. Our platform also ensures that players accept an NDA before they can access your build.
Kill-switch (build deactivation)
We prevent players from continuing to play after a playtest is concluded when you test unreleased iOS and Android games and provide a compatible build. On Android this process is automated and requires no SDK. For added security during iOS TestFlight playtests a small, privacy-friendly SDK is required.
Random invites
Playtest invitations are randomly distributed to eligible players, which prevents someone from “deciding” that they want to playtest your game in particular.
Keeping your name out of it
Players won’t see the name of your studio anywhere on the platform, letting you test new ideas in secrecy. For maximum secrecy, make sure that your game doesn’t give away your studio name or the IP that you’re working on inadvertently.
Players are under NDA
Players need to accept a strict NDA prior to being able to participate in your playtest that prohibits sharing any information about your game or concept. Contact us to have your own confidentiality agreement in place with players.
PlaytestCloud is under NDA
Our Studio Terms of Service contain strict confidentiality provisions to allow you to securely use PlaytestCloud’s platform and talk to us about your in-development games. Read the Studio Terms to learn more.

Additional Security Features

Layered Security to make your playtesting secure

Each playtest is protected by technical, legal and panel security measures to keep your testing accurate, safe, secure and – if needed – private. Here’s how the defense-in-depth approach works in practice:

Legal security: All players are under an NDA prior to participating in your playtest. If needed, you or us can even take legal action against the player.

Panel security:
We continuously monitor our panel and all players who participate in playtests for fraudulent behavior and remove players who trip our safeguards from the panel. These checks also run during each playtest and allow us to take action when needed – often automatically.

Technical security:
Depending on the needs of your particular playtest and the platform you run it on, many technical security measures are available to safeguard your game or other assets during and after the playtest. On some platforms, these measures include an automatic kill switch that can disable the game after the playtest. Choose the platform you’re interested in testing on below to review the technical security measures available on it.

Technical security for iOS playtesting

In addition to the layered legal & panel security measures described above, the following technical security measures are available to protect your game during playtesting.

Builds provided by linking to the Apple App Store:
As these games are publicly available, no additional technical security measures are needed nor offered.


Unreleased games shared through your TestFlight account
iOS games on TestFlight can be playtested in two ways:

• As is, without the PlaytestCloud SDK: This is the recommended mode when your game is already in soft launch or has launched. It requires no code changes whatsoever, but you might want to add our SDK to add touch recording to your iOS playtests.

• With the PlaytestCloud SDK: This mode is ideal for testing confidential, unreleased games.

After an easy integration of the PlaytestCloud SDK, we can add additional strict technical security measures to your game:

Access control. Ensures that only players who are participating in your playtest can open the game. We always know who opens the game, at what time, and what they do within it.

Conditional access. Some playtests require players to play at specific times or intervals, and not at others. Our software enforces that the game cannot be played outside of the defined times.

Remote build deactivation ("kill-switch"). A "kill-switch" allows us to block future access to the game build after the playtest is over or if access needs to be revoked at any time. The “kill-switch” is enabled automatically when a playtest finishes.

Continuous recording. We record players for the entire duration of a playtest. Players are aware of this arrangement, and you have access to the whole interaction the player has within your game. We do this for the safety and security of your game, as every interaction is traceable.

Technical security for Android playtesting

In addition to the layered legal & panel security measures described above, the following technical security measures are available to protect your game during playtesting.

Builds provided by linking to the Google Play Store
As these games are publicly available, no additional technical security measures are needed nor offered.


Unreleased builds provided as APK and AAB files
This is a highly secure playtesting mode, and it requires no SDK or other code changes.

Our security mechanisms will wrap around your game automatically and add these additional, strict technical security measures to your game:

Access control. Ensures that only players who are participating in your playtest can open the game. We always know who opens the game, at what time, and what they do within it.

Conditional access. Some playtests require players to play at specific times or intervals, and not at others. Our software enforces that the game cannot be played outside of the defined times.

Uniquely fingerprinted builds. Each player will receive a uniquely fingerprinted version of your game build that allows us to trace the builds back to the individuals who received it.

Remote build deactivation ("kill-switch"). A "kill-switch" allows us to block future access to the game build after the playtest is over or if access needs to be revoked at any time. The “kill-switch” is enabled automatically when a playtest finishes.

Continuous recording. We record players for the entire duration of a playtest. Players are aware of this arrangement, and you have access to the whole interaction the player has within your game. We do this for the safety and security of your game, as every interaction is traceable.

Technical security for concept tests (using the Concept Testing feature)

In addition to the layered legal & panel security measures described above, the following technical security measures are available to protect your concept tests (using our Concept Testing) during playtesting.

This is a highly secure playtesting mode as players access the concept test exclusively through a special concept testing view in our own, player-facing secure recording apps.Our recording apps implement the following additional, strict technical security measures for your concept tests that use the Concept Testing feature:

Access control. Ensures that only players who are participating in your concept test can view the concept. We always know who opens the concept test, at what time, and what they do within it.

Conditional access. Some playtests require players to view concepts only at a specific stage of the playtest, and not at others. Our software enforces that the concept test cannot be viewed and participated in outside of the defined times.

Remote build deactivation ("kill-switch"). A "kill-switch" allows us to block future access to the concept test after the test is over or if access needs to be revoked at any time. The “kill-switch” is enabled automatically when a concept test finishes.

Continuous recording. We record players for the entire duration of a concept test. Players are aware of this arrangement, and you have access to the whole interaction the player has with your concept test. We do this for the safety and security of your concept test, as every interaction is traceable.

Technical security for PC games

In addition to the layered legal & panel security measures described above, the following technical security measures are available to protect your game during playtesting.

Playtests with games that are public on Steam:
As these games are publicly available, no additional technical security measures are needed nor offered.

Playtests with Steam games that require Steam keys to access the build:
PlaytestCloud automates the distribution of Steam keys to players in your playtests. We support all types of Steam keys, including Steam Playtest keys. Access to the Steam keys is only provided to players after they have agreed to an NDA.When you use Steam Playtest, you can also set the build to “Not Playable” in your Steam Playtest settings to prevent players from continuing to play. When other types of keys are used, the ability to disable builds or revoke keys depends on the features Steam offers at the time of your playtest. You can find more information about the different types of Steam keys in the Steamworks documentation.

Game builds provided by directly uploading them to PlaytestCloud for distribution to players:
This distribution method is best suited for games where distributing the game build directly to players is acceptable.

Access control.
Ensures that only players who are invited to your playtest and have accepted the NDA can download the build from PlaytestCloud. The players will download and play the game build on their own PC. Please note that PlaytestCloud cannot disable the game build after the playtest completes.

Technical security for clickable prototypes (Figma, Sketch…)

In addition to the layered legal & panel security measures described above, the following technical security measures are available to protect your prototype during playtesting.


Clickable prototypes provided through a URL and viewed on iOS or Android
Our technical security measures rely on our platform automatically conducting prototype playtests through a special mobile browser developed by us.

Hidden URL. We don’t reveal the URL your content or prototype is hosted at, meaning players cannot access it after the playtest has concluded unless the prototype reveals its location to the players.

If your prototype does not reveal it’s URL to players, the following technical security measures further protect your prototype:

Access control.
Ensures that only players who are participating in your prototype test can open the prototype. We always know who opens the prototype, at what time, and what they do within it.

Conditional access. Some playtests require players to play at specific times or intervals, and not at others. Our software enforces that the game cannot be played outside of the defined times.

Remote build deactivation ("kill-switch"). A "kill-switch" allows us to block future access to the mobile browser pointing at the clickable prototype after the playtest is over or if access needs to be revoked at any time. The “kill-switch” is enabled automatically when a playtest finishes.

Continuous recording. We record players for the entire duration of a playtest. Players are aware of this arrangement, and you have access to the whole interaction the player has within your game. We do this for the safety and security of your game, as every interaction is traceable.

Technical security for browser games

In addition to the layered legal & panel security measures described above, the following technical security measures are available to protect your browser game during playtesting.


Browser games provided through a URL and viewed on iOS or Android
Our technical security measures rely on our platform automatically conducting browser tests through a special mobile browser developed by us.

Hidden URL. We don’t reveal the URL your game is hosted at, meaning players cannot access it after the playtest has concluded unless the game reveals its location to the players.

If your game does not reveal it’s URL to players, the following technical security measures further protect it:

Access control.
Ensures that only players who are participating in your browser test can open it. We always know who opens the browser game, at what time, and what they do within it.

Conditional access. Some playtests require players to play at specific times or intervals, and not at others. Our software enforces that the game cannot be played outside of the defined times.

Remote build deactivation ("kill-switch"). A "kill-switch" allows us to block future access to the mobile browser pointing at the browser game after the playtest is over or if access needs to be revoked at any time. The “kill-switch” is enabled automatically when a playtest finishes.

Continuous recording. We record players for the entire duration of a playtest. Players are aware of this arrangement, and you have access to the whole interaction the player has within your browser game. We do this for the safety and security of your game, as every interaction is traceable.

Technical security for surveys

In addition to the layered legal & panel security measures described above, the following technical security measures are available to protect surveys you run directly on PlaytestCloud.

Access control. Ensures that only players who are invited to your survey can open the survey. We always know who opens the survey, at what time, and when they submit it.

Conditional access and automated deactivation. Our software enforces that players can only access the survey while it is still accepting responses. If your survey is part of a playtest that also has other steps, such as playing a game, the survey can only be accessed by players when they have completed all preceding steps.