Security

Security is one of our biggest priorities here at Upflow. On this page we have provided information about the security of your data and our general security practices.

HR/Corporate Policies

  • We run background checks on all incoming employees, and on contractors who will be working with Upflow, before they start at the Company.
  • All employees sign confidentiality agreements to protect customer information.
  • Support staff do not have access to fine-grained customer data; instead, they rely on metadata to provide support.
  • Developers participate in regular security training to learn about common vulnerabilities and threats.

Infrastructure Security

  • Our datacentres are hosted in the EU (Ireland) by AWS. They are ISO 27001, 27017, 27018 and SOC 1, 2, 3 compliant.
  • All data is encrypted in transit using TLS 1.3; sensitive data is encrypted at rest using a symmetric key algorithm.
  • We use Distributed Denial of Service (DDoS) mitigation services powered by Cloudflare.

Data Protection

  • We use continuous protection and master-slave replication to protect against any database failures.
  • We perform automatic, nightly backups of all customer data.

Audits

  • We undergo an annual third-party penetration test and source code audit of our production services.
  • Security review is an integral part of our development lifecycle, incorporated into our design, implementation, and test processes.
  • We're listed in the QuickBooks App Store and have cleared all mandatory security audits required by Intuit.

Threat and Vulnerability Management

  • We have automated systems to inventory installed software and software versions on production systems.
  • All high-risk vulnerabilities are addressed within 90 days of discovery. Most medium-risk vulnerabilities are addressed within 180 days of discovery.
  • We welcome feedback from the security community and strive to quickly address security issues involving our products and services. Please report security issues to security@upflow.io in accordance with our bug bounty programme.

Insurance

  • In addition to following industry-standard security best practices, we have a comprehensive cyber insurance policy provided by AIG.
  • We have corporate liability insurance that covers employee negligence and fraud, and cyber risk insurance that covers attacks from third parties.
  • Our insurance covers any damages incurred by our customers as a result of an attack on Upflow. We review the liability amount on a yearly basis as we grow the business.