Security is one of our biggest priorities here at Upflow. On this page we have provided information about the security of your data and our general security practices.
- Upflow is SOC-2 Type 1 compliant (security, availability & confidentiality).
- We are also GDPR compliant.
- The documents relating to the above are available upon request.
- We run background checks on all incoming employees and contractors who will be working with Upflow before they start at the Company.
- All employees sign confidentiality agreements to protect customer information.
- Support staff do not have access to fine-grained customer data; instead, they rely on metadata to provide support.
- Developers participate in regular security training to learn about common vulnerabilities and threats.
- Our datacentres are hosted in the EU (Ireland) by AWS. They are ISO 27001, 27017, 27018 and SOC 1, 2, 3 compliant.
- All data is encrypted in transit using TLS 1.3; sensitive data is encrypted at rest using a symmetric key algorithm.
- We use Distributed Denial of Service (DDoS) mitigation services powered by Cloudflare.
- We use continuous protection and master-slave replication to protect against any database failures.
- We perform automatic, nightly backups of all customer data.
- We undergo an annual third-party penetration test and source code audit of our production services.
- Security review is an integral part of our development lifecycle, incorporated into our design, implementation, and test processes.
- We're listed in the QuickBooks App Store and have cleared all mandatory security audits required by Intuit.
Threat and Vulnerability Management
- We have automated systems to inventory installed software and software versions on production systems.
- All high-risk vulnerabilities are addressed within 30 days of discovery. Most medium-risk vulnerabilities are addressed within 90 days of discovery.
- We welcome feedback from the security community and strive to quickly address security issues involving our products and services. Please report security issues to [email protected] in accordance with our bug bounty programme.
- In addition to following industry standard security best practices, we have a comprehensive cyber insurance policy provided by Clear Blue Insurance Group.
- We have corporate liability insurance that covers employee negligence and fraud, and cyber risk insurance that covers attacks from third parties.
- Our insurance covers any damages incurred by our customers as a result of an attack on Upflow. We review the liability amount on a yearly basis as we grow the business.