Webinar
Fast-growing companies: 4 receivables KPIs you must track to scale
Watch the Replay

Security

Security is one of our biggest priorities here at Upflow. On this page we have provided information about the security of your data and our general security practices.

Compliance

  • Upflow is SOC-2 Type 1 compliant (security, availability & confidentiality).
  • We are also GDPR compliant.
  • The documents relating to the above are available upon request.

HR/Corporate Policies

  • We run background checks on all incoming employees, or contractors who will be working with Upflow, before starting at the Company.
  • All employees sign confidentiality agreements to protect customer information.
  • Support staff do not have access to fine-grained customer data, instead they rely on metadata to provide support.
  • Developers participate in regular security training to learn about common vulnerabilities and threats.

Infrastructure Security

  • Our datacentres are hosted in the EU (Ireland) by AWS. They are ISO 27001, 27017, 27018 and SOC 1, 2, 3 Compliant.
  • All data is encrypted in transit using TLS 1.3, sensitive data is encrypted at rest using a symmetric key algorithm.
  • We use Distributed Denial of Service (DDoS) mitigation services powered by Cloudflare.

Data Protection

  • We use continuous protection and master-slave replication to protect against any database failures.
  • We perform automatic, nightly backups of all customer data.

Audits

  • We undergo an annual third-party penetration test and source code audit of our production services.
  • Security review is an integral part of our development lifecycle, incorporated into our design, implementation, and test processes.
  • We're listed in the Quickbooks App Store and have cleared all mandatory security audits required by Intuit.

Threat and Vulnerability Management

  • We have automated systems to inventory installed software and software versions on production systems.
  • All high-risk vulnerabilities are addressed within 30 days of discovery. Most medium-risk vulnerabilities are addressed within 90 days of discovery.
  • We welcome feedback from the security community and strive to quickly address security issues involving our products and services. Please report security issues to [email protected] in accordance with our bug bounty programme

Insurance

  • In addition to following industry standard security best practices, we have a comprehensive cyber insurance policy provided by Clear Blue Insurance Group.
  • We have corporate liability insurance, that covers employee negligence and fraud. And cyber risk insurance that covers attacks from third parties.
  • Our insurance covers any damages incurred by our customers as a result of an attack on Upflow. We review the liability amount on a yearly basis as we grow the business.