SecurityLast Updated: April 26th, 2019
We take security seriously at UpStack, and understand the importance of ensuring that data is managed with confidentiality.
The following describes our commitment to security on the UpStack platform.
For any questions or concerns please contact email@example.com.
Visibility and control of all project access
- Visible pricing information is localized to individual projects.
- Users requesting pricing information on the UpStack marketplace are shown their own projects only.
- UpStack administrative staff members have access to projects to serve support requests on behalf of users.
Visibility and control of all pricing access
- Vendor users may store pricing information on the UpStack marketplace for use in generating quotes.
- Vendor users providing pricing information on the UpStack marketplace have access to their own pricing information only.
- UpStack administrative staff members have access to pricing information to assist vendors with data questions.
- All data transfers from a device to UpStack secure cloud software with industry standard 2048-bit SSL encryption.
- Passwords are stored and transmitted securely and hashed using a strong salt.
Protection against application attacks
- UpStack uses controls and technologies to prevent attackers from exploiting application-level vulnerabilities.
- UpStack runs on Amazon Web Services infrastructure and the Heroku platform.
- Systems are hosted in ISO 27001 and FISMA certified data centers managed by Amazon Web Services
- Physical access is strictly controlled both at the perimeter and at building ingress points
- Data centers employ onsite security staff, video surveillance, and intrusion detection systems
- Authorized staff must pass two-factor authentication a minimum of two times to access data center floors
- Data centers are housed in nondescript facilities
- Physical security verified by third-party auditors
UpStack software runs in data centers in the United States and Europe, with protocols for switching from one zone to another in the event of any disruption to service availability.