Security. Compliance. Protection.

You trust us with your data, and we take that responsibility seriously.

Upzelo works with a network of trusted partners to ensure your customers' data stays private and safe in our hands.

AWS Logo
On Security
CREST certified Penetration Test
SendGrid Logo

Our Principles.

We have an Information Security Program in place that is communicated throughout the organisation. Our principles follow the criteria set forth by GDPR, CCPA and the SOC 2 Framework.

1

Audits and penetration testing

Our organisation undergoes independent, CREST-approved assessments annually to rigorously test our security and compliance controls, ensuring the integrity and robustness of our services remain uncompromised.

2

Roles and responsibilities

Roles and responsibilities related to our Information Security Program and the protection of our customers’ data are well-defined and documented. Our team members are required to review and accept all of the security policies.

3

Security awareness training

Our team members must go through employee security awareness training covering standard industry practices and information security topics such as phishing and password management.

4

Confidentiality

All team members are required to sign and adhere to an industry-standard confidentiality agreement prior to their first day of work.

5

Cloud infrastructure & data hosting

All of our services are hosted with Amazon Web Services (AWS) in the US-East-1 region.

6

Encryption at rest and in transit

All databases are encrypted at rest, and data in transit is encrypted with TLS/SSL only.

7

Vulnerability scanning, logging and monitoring

We perform vulnerability scanning and actively monitor and log for threats concerning customer data.

8

Business continuity and disaster recovery

We use our data hosting provider’s backup services to reduce any risk of data loss in the event of a hardware failure and utilise monitoring services to alert the team of any failures affecting users.

9

Incident response plan ready

We have a process for handling information security events, including escalation procedures, rapid mitigation and communication.

10

Permissions and authentication

Access to cloud infrastructure and other sensitive tools is limited to authorised employees who require it for their role, and is granted via SSO or 2FA.

11

Quarterly access reviews

We perform quarterly access reviews of all team members with access to sensitive systems.

12

Least privilege access control

We follow the principle of least privilege concerning identity and access management.

13

Password managers and requirements

All company-issued devices utilise a password manager for team members to manage passwords and maintain minimum password complexity for access.

14

Annual risk assessments

We undergo at least annual risk assessments to identify potential threats, including considerations for fraud.

15

Vendor risk management

Vendor risk is determined, and the appropriate vendor reviews are performed before authorising a new vendor.

Contact security

If you have any questions, comments or concerns, please contact the security team.
