We maintain the highest standards of data privacy and security because we know your employee data is important to keep secure. Upful undergoes regular security reviews and encrypts data at rest and in transit.
Our customers entrust sensitive data to our care.
Upful uses vendors that have data centers monitored by 24×7 security, biometric scanning, video surveillance and are SOC 1, SOC 2, and SOC 3 certified. Upful has a mature vendor management program and evaluates all vendors for data privacy and security. For more information about the vendors we use, please contact us so we can provide details privately.
All data is encrypted in-transit to and from the user and within the Upful platform using TLS 1.2. All data is encrypted at-rest using 256-bit encryption via native AWS capabilities.
Access to customer data is limited to authorized employees who require it for their job and data access is logged.
The network is continuously monitored for suspicious activities. Users have the ability to report suspicious activity directly to Upful. If you believe you have discovered a potential vulnerability, please let us know by emailing us at security@upful.ai.
Only necessary Upful employees are provided with the least privilege access (read-only) to the systems that store customers’ data. The access is provided only when absolutely necessary. Access privileges are decided and approved by the CEO and CTO. The employee’s access to the system is terminated immediately if the employment is terminated or if their role no longer has a need to access that data. Employees access the customer data and the service using 2-Factor Authentication.
Upful maintains an incident response plan for all security incidents. If Upful experiences a data breach, it will perform an investigation into the root causes of the breach by isolating the data backup. It will analyze the impact of the breach and pursue appropriate mitigations. Once the investigation and initial response is completed successfully, Upful will notify customers affected by the breach within 72 hours.
All Upful employees receive training during new hire orientation that improves their understanding of some critical security topics like: How to treat customer data, handling of suspicious emails, anti-phishing and social engineering training, personal device usage, separation of business and personal accounts.
Upful employees are required to follow best practices like: locking their device screen when not within viewing distance, all devices have passwords, passwords must meet complexity requirements, utilize multi-factor authorization.
All employees are required to review and agree to Upful’s strict IT Security Policies, which are annually reviewed to incorporate periodic updates.
If you believe you have discovered a potential vulnerability, please let us know by emailing us at security@upful.ai. Provide us with a reasonable amount of time to resolve the issue before disclosing it to the public or a third party. Make a good faith effort to avoid violating privacy, destroying data, or interrupting or degrading the Upful service. Please only interact with domains you own or for which you have explicit permission from the account holder. We may revise these guidelines from time to time. The most current version of the guidelines will be available at Upful.ai/security.
Upful’s Privacy Policy contains details of what data Upful processes, why and how it is processing it, and what rights users have. The Privacy Policy is available to all users here: https://app.upful.ai/privacy
Upful implements secure development practices to ensure security is considered at all stages of the software development lifecycle.
Some of the key principles the Upful team follows include:
The new ‘California Consumer Protection Act’ (CCPA) came into effect on January 1, 2020. The state law grants California consumer residents new rights over their personal information. These rights are: the right to know (or access), the right to delete, and the right to opt-out of sale of personal information that a company may collect, retain, or disclose about a consumer.
If you wish to exercise any of these rights, you can do so by emailing us at security@upful.ai
Additionally, the CCPA prohibits businesses from discrimination against consumers in terms of access to services if they choose to exercise their rights under the CCPA.
The CCPA applies to for-profit entities doing business in California that collect, share, or sell California consumer residents personal information and either:
Data at rest is encrypted using AES-256, block-level storage encryption.
Upful reviews its security policies and procedures bi-annually.