Accounts Receivable Software
Request a demo


Security is crucial for us at Upflow. We’re responsible for providing a trustworthy environment to store and process data for our Merchants and their Customers. We continuously review and improve our internal processes and controls. We want to make sure our product - and on a higher level our whole organization - is aligned with best-in-class security practices. We prioritize the safety of your data so you can focus on the added value of our product.

On this page, you’ll find information about some of the general measures implemented to ensure a secure experience with our product and services.


Upflow is compliant with the SOC 2 security framework. We maintain a Type I report covering the security, confidentiality, and availability controls of the AICPA's Trust Services Criteria (TSC). This means we ensure enterprise-level protection, and secure our service in line with the AICPA's SOC 2 standards. Our SOC 2 Type I report is made available upon request.

Hosting infrastructure

Our entire technical platform is hosted by AWS and GCP in order to provide the highest standards in terms of physical and low-level infrastructure security. Both have achieved certified compliance against ISO 27001 (security management system), ISO 27017 (cloud computing), ISO 27018 (personal data).

We implement DDoS mitigations and a web application firewall (WAF) solution to protect the security and reliability of our platform.

All data is encrypted in transit (TLS 1.3) and at rest (files and databases).

Corporate security

We have a corporate security policy documentation framework for our staff. We also roll out a yearly and mandatory awareness program for all employees. It promotes internal security policies and keeps our team members aware of evolving threats.

All employees also sign confidentiality agreements with a highlight on protecting merchant information. Support staff doesn’t have access to fine-grained merchant data but relies on metadata to provide support instead.

Data Protection

We use continuous protection and offsite replication to protect against any database failures.

We perform automatic, daily offsite backups of all our production data.

Security reviews and audits

Security reviews - automated and human - are an integral part of our development lifecycle and are incorporated into our design, implementation, and test processes.

In addition to our regular SOC 2 audit program, we also have a yearly audit program that involves third-party experts confirming the security of our product. This audit includes penetration tests and source code audits.

Furthermore, we partner with a number of accounting solutions that have reviewed and cleared the security of our application and integration.

Vulnerability disclosure policy

In addition to our own controls, we welcome the responsible disclosure of security issues relevant to our products and services. We have defined a Vulnerability Disclosure Policy in order to encourage the disclosing of vulnerabilities by security researchers, users, or partners, including a reward program.

Upflow’s security team can be contacted at the following address: [email protected].


In addition to respecting industry-standard security best practices, we have comprehensive insurance policies for our main entity and all subsidiaries. These policies provide protection for any damage incurred by our Merchants and resulting of negligence, fraud, or attack on Upflow.

Our cyber insurance policy is contracted with Clear Blue Specialty Insurance and provides a US$5M liability coverage.