Your Data, Our Responsibility!
Last Updated on 27 August 2023
At Upbuff, we know securing and protecting your data is the prime responsibility. The following are the best practices implemented for the data privacy, protection, and security.
Product Architecture
Upbuff products encompass five-layer security protection. The first layer consists of a secure socket layer consisting of an extra and a crucial layer for protection against malicious attacks. The second layer is adhered to by cloud (AWS, Microsoft Azure, DigitalOcean) protection firewalls to protect from network-related intrusions. The third layer contains a web application firewall (WAF) to monitor IPs and spam. The fourth layer consists of verified role-based access for the users. Administrators should enforce industry-standard password policies for extra protection. The fifth layer contains an Application platform interface(API) for a secure data parsing framework associated with respective third parties (SAP, SalesForce, Whatsapp).
Upbuff adheres to a cloud data model to host its applications. Each customer has its own set of databases (‘DB’) to ensure the fetched data belongs to only the respective customer. So, the individual customers can access only their data. All data is secured, controlled, maintained, and accessed for a subsequent audit by the Upbuff team.
<architecture diagram>
Product Security
Upbuff’s cloud platforms mainly maintained by AWS, Microsoft Azure, and DigitalOcean across multiple regions. We build an integrated architectural approach ensures to complies from engineering to deployment with extra cloud security.
Data Security
Upbuff is very conscious about customer data safety and protection. All data is parsed through standard encryption over a secured socket connection for all individual accounts. Only authorized Upbuff’s resources have access to the production servers through multi-authentication.
Network Security
The Upbuff network is monitored and secured by industry-grade firewalls to protect from malware practices. Our production and testing environments are securely hosted servers in AWS, DigitalOcean, and Azure with extra layer SSL (Secured Socket Layer) certified protection for encrypted connection. Upbuff’s remote access support to production servers is restricted through secured office networks only.
Changes, Merging and Release Requests
Our internal change control process diligently tracks any application, infrastructure, or content modifications. Upbuff conducts routine deployment reviews on a quarterly basis, with oversight and direction provided by top-level management. Access to dev environments is strictly governed and limited solely to the authorized Upbuff team. This stringent approach bars any entry from the customer side, ensuring an environment that effectively prevents potential malfunctions.
Data Deletion
If you withdraw our service or terminate your account, we ensure all your data transferred to you and delete all data permanently from Upbuff servers within 15 days.
Responding to Issues and Threats
If you went through any issues or potential threats to the security or privacy of Upbuff, promptly reach us at security@upbuff.com with the relevant details. Your cooperation is vital in addressing these concerns promptly and effectively. We kindly request that you refrain from disclosing any unresolved issues in public domains to maintain the confidentiality and integrity of our security efforts.
Conclusion
We greatly value your assistance in identifying and rectifying any vulnerabilities within Upbuff products. Your efforts do not go unnoticed. We will recognize your contribution as soon as the issue is successfully mitigated.
Public Non Disclosure Policy
This program does not allow public disclosure. The one who posts or releases any vulnerability, found in the public domain shall be liable for legal penalties.
The Fine Print
Upbuff may modify the terms or terminate the program at any time. We won’t apply any changes we make to these program terms retroactively. Upbuff employees and their family members are not eligible for any bounties.
Report an Incident
If you have encountered any incidents or issues while using our products, report us immediately. Your feedback is crucial in helping us maintain a safe and reliable experience for all our valuable customers. security@upbuff.com
Report an Issue