Security Policy

At Upbase, we take security seriously. We understand the importance of safeguarding your data and maintaining the confidentiality, integrity, and availability of our project management tool. This security page provides an overview of the measures we have implemented to ensure the security of your information.


Hosting and Data Centers

  • Infrastructure Provider: Upbase utilizes Amazon Web Services (AWS) servers to host all user data and files.

  • Data Center Locations: Our servers are hosted in AWS data centers located in the United States. AWS data centers adhere to strict physical security measures and industry-leading standards to ensure the safety and availability of our infrastructure.

  • Physical Security: AWS data centers employ advanced security controls, including 24/7 monitoring, access controls, video surveillance, and security staff to protect the physical infrastructure from unauthorized access or breaches.

  • Environmental Controls: AWS data centers maintain environmental controls such as fire detection and suppression systems, temperature and humidity regulation, and redundant power supplies to ensure the reliability and integrity of our infrastructure.


By leveraging AWS servers and their secure data centers, we can provide a robust and reliable hosting environment for your data within Upbase.


For additional information on the security of AWS, you can read more at:

http://aws.amazon.com/security/


Data Encryption

At Upbase, we employ strong encryption mechanisms to protect your data while it's at rest. This ensures that your information remains secure even when it is stored on our servers or backed up.


  • Data Encryption Algorithms: We utilize industry-standard encryption algorithms, such as AES (Advanced Encryption Standard), to encrypt your data. AES is widely recognized for its strength and is trusted by organizations worldwide for secure data protection.

  • Transport Encryption: All communication between your device and our servers is encrypted using industry-standard TLS (Transport Layer Security) technology to protect your data from interception and unauthorized access.

  • Encryption of Stored Files: All files uploaded to Upbase, including documents, attachments, and media files, are encrypted at rest. This encryption ensures that even if unauthorized access is gained to the underlying storage systems, the data remains encrypted and inaccessible without the proper decryption keys.

  • Database Encryption: In addition to encrypting stored files, we also encrypt sensitive data within our databases. This includes user credentials, project details, task information, and any other personally identifiable information (PII). Encryption adds an extra layer of protection to safeguard your data from unauthorized access.


Data Reliability

At Upbase, we understand the critical importance of data reliability. We have implemented comprehensive backup and recovery processes to ensure the availability and integrity of your data.


Data Backup

  • Regular and Automated Backups: We perform regular, automated backups of your data to safeguard against accidental loss, data corruption, or system failures.

  • Redundant Storage: Backups are stored on redundant storage systems to provide an added layer of protection against hardware failures. Multiple copies of your data are maintained in geographically distributed locations to guard against data loss.


Data Recovery

  • Point-in-Time Recovery: In the event of data loss or corruption, we can perform point-in-time recovery to restore your data to a specific previous state. This capability allows us to roll back to a specific backup snapshot, minimizing the impact of data inconsistencies or accidental deletions.

  • Data Integrity Checks: To maintain the integrity of your data, we regularly perform data integrity checks during backup and recovery processes. These checks verify the integrity and consistency of the backed-up data, ensuring that it can be successfully restored without any corruption or data loss.


Our data backup and recovery measures are designed to provide a reliable and secure environment for your information. We continuously monitor and optimize these processes to ensure the availability and integrity of your data throughout your experience with Upbase.


Privacy and Data Protection

At Upbase, we are committed to protecting your privacy and ensuring the secure handling of your data. We have implemented stringent measures to safeguard your information and comply with applicable data protection regulations.


Data Collection and Usage

  • Minimal Data Collection: We collect and process only the data necessary to provide our services and improve your user experience. We follow the principle of data minimization, ensuring that we collect and retain only the essential information required for the functioning of Upbase.

  • Lawful Basis: We process your data based on a lawful basis, such as the necessity of performance of a contract, compliance with legal obligations, or your explicit consent, where applicable.

  • Purpose Limitation: We use your data solely for the purposes specified in our Privacy Policy. We do not share your data with third parties for marketing purposes without your explicit consent.


Data Security

  • Access Controls: We enforce strict access controls, ensuring that only authorized personnel with a legitimate need have access to your data. Our access controls include role-based access controls, and strong password policies.

  • Employee Training and Confidentiality: Our employees undergo regular security awareness training to ensure the confidentiality and proper handling of your data. We maintain strict confidentiality obligations with our employees and contractors through legally binding agreements.


Data Retention and Deletion

  • Data Retention Period: We retain your data only for as long as necessary to provide our services and fulfill legal obligations.

  • Secure Data Deletion: When you request deletion of your data or terminate your account, we ensure the secure deletion or anonymization of your data from our systems. This includes erasing all associated backups and removing any personal identifiers, ensuring that the data is irretrievable.



Upbase Employee Access to Customer Data

At Upbase, we understand the importance of maintaining the confidentiality and privacy of your data. We have strict policies and procedures in place to govern employee access to customer data. Here's how we handle employee access:


  • Limited Access: Upbase employees are granted access to customer data on a need-to-know basis. Access to customer data is limited to authorized personnel who require it to fulfill their job responsibilities, such as for incident response or customer support purposes.

  • Confidentiality Obligations: All Upbase employees are bound by strict confidentiality agreements and policies. They are trained to respect the privacy and confidentiality of customer data and are required to adhere to these obligations throughout their employment and beyond.

  • Access Controls and Monitoring: We implement stringent access controls and monitoring mechanisms to ensure that employee access to customer data is logged, audited, and tracked. This allows us to detect and prevent any unauthorized access attempts or suspicious activities.

  • Data Access Permissions: Access permissions are granularly assigned to employees based on their roles and responsibilities. We follow the principle of least privilege, ensuring that employees have access only to the specific customer data necessary to perform their duties.

  • Supervision and Oversight: Employee access to customer data is subject to supervision and oversight. We have robust monitoring mechanisms in place to ensure that access is appropriate, and any unauthorized access attempts or policy violations are promptly identified and addressed.



Vulnerability Management

Our team actively monitors and addresses potential security vulnerabilities in our systems. We regularly perform vulnerability assessments, penetration testing, and code reviews to identify and remediate any security issues.


Security Incident Response

  • Monitoring and Logging: We employ robust monitoring and logging mechanisms to detect and respond to security incidents promptly.

  • Security Incident Response Plan: In the event of a security incident, we have a well-defined incident response plan to mitigate the impact, notify affected parties, and take appropriate measures to prevent similar incidents in the future.


Contact Us

For any questions or concerns regarding Security, please contact us at [email protected]