Security & trust

Built so both sides can trust the work.

A marketplace only works if builders trust the feedback and testers trust they’ll be paid. Here’s what keeps herdtest safe on both sides.

Signed NDAs

Sessions can require a non-disclosure agreement before the room unlocks. The exact terms a tester agrees to are captured and frozen for the record — even if the terms change later.

Escrow payments

When a builder accepts a tester, the session fee is held in escrow and only released when the session is completed — or refunded if the spot is cancelled. Testers know they’ll be paid; builders only pay for finished work.

Two-way reputation

Builders and testers rate each other after every completed session, so quality compounds and bad actors surface fast.

Access controls

Only a session’s builder and its accepted testers can enter the live room, and only the two parties to a thread can read their messages. Every action is authorized on the server.

Hardened by design

Sessions are protected against forged requests (CSRF), a strict content-security-policy blocks injected scripts, cookies are httpOnly and same-site, and passwords are hashed with bcrypt.

Verified people

Testing is done by real, profiled testers — not anonymous panels — so the feedback comes with context you can act on.

Found a security issue? We’d love to hear from you — get in touch.