Upsiide Security Policy

SECURITY POLICY 

The services on this site are offered to you by Dig Insights Inc. parent company of Upsiide which is a registered trademark of Dig Insights Inc. For the rest of this text, Upsiide will be used, but it is understood that Upsiide is a part of Dig Insights Inc.   

At Upsiide we know that our customers rely on us as a critical part of their business processes and record keeping. Security is an integral component of providing an accessible and reliable market research platform and we treat the security of our infrastructure as a priority one item. 

Reliability of the Upsiide Platform is measured by two components: (1) Security measures which consist of preventive measures to protect against intrusion and unauthorized access to data and (2) Recovery measures which consist of both preventive and recovery systems to ensure continuity of service in the event of a disaster. 

1. SECURITY

SSL 

All information travelling between your browser and the Upsiide platform servers is protected from eavesdroppers with 256-bit SSL encryption. The lock icon in your browser lets you verify that you aren’t talking to a phishing site impersonating Upsiide and that your data is secure in transit against unauthorized eavesdropping. 

Firewalls 

Upsiide’s VPC is fully integrated with Amazon EC2 cloud, backed by web application firewalls. 

Upsiide Platform VPC terminates all HTTPS access on internet facing load balancers. Application and database servers are not accessible via DMZ. 

Intrusion detection 

All traffic entering and leaving the Upsiide Platform network is monitored by Amazon Security, as a standard service provided by Amazon EC2. 

Upsiide employs a second line monitoring to scan additional information on the usage of each account, and block unauthorized access to the Upsiide platform on a per session level. 

Encryption 

Particularly sensitive information – credit card numbers, bank account information, and your payment gateway account details – are encrypted and handled by our payment gateway providers, PayPal and Stripe, both which are industry leaders in keeping financial information secure and are certified PCI level 4 for storage of sensitive data at rest. 

Physical security 

The Upsiide VPC servers are located in state-of-the-art data centers within Amazon EC2 in multiple locations in Canada. Each center is professionally managed by our primary provider, Amazon EC2 and their certified affiliates providing biometric access controls, constant surveillance, redundant power feeds and generators, robust fire suppression, and carefully monitored climate control to protect the servers that store your data, community accounts, and manage your Upsiide application. 

1. RELIABILITY AND RECOVERY

Redundant servers and datacentres 

The Upsiide infrastructure uses redundant storage and servers that are professionally managed by Amazon to keep the Upsiide Platform and your data available in the case of hardware failure. Additionally, the Upsiide Platform implements hot fail-over architecture distributed across multiple VPCs comprising up-to-date application servers and storage in a geographically separate data centres in case their primary data centre is made unavailable by a disaster or other disruption. 

Managed hosting 

Upsiide has chosen Amazon services for our hosting needs. Amazon is an industry leader with many bluechip and Fortune 1000 companies as clients. Upsiide carefully and confidently chose Amazon to provide the world-class performance and service demanded by our world-wide customers to safely and securely run their Upsiide systems and applications. 

Backups for SaaS 

The data in your Upsiide system and account is replicated across multiple database servers in multiple geographic locations to prevent a single failure from causing data loss. Additionally, data is backed up nightly to tape and stored in a secure offsite location to ensure that, even in the event of a catastrophe like a fire, earthquake, tornado or flood, your information will be safe and your records can be quickly restored. 

Security Incident Management  

Our Security, Operational (SOC2) and Architectural documentation can be requested with an executed NDA. 

Upsiide conducts at least annual penetration testing with third party security providers as part of SOC2 certification. Critical and High vulnerabilities detected are remediated within 1 month of risk assessment validation. 

Detected and reported Security incidents will be initiated by our team and analyzed to understand impact by the Upsiide Security team. 

Significantly impacting incidents will be communicated to impacted Customers within two business days following verification. 

Customers will be notified using primary billing contact information. 

Customers are required to: 

-Ensure secure password policy and access management, not limited to: 

-Strong and secured customer managed credentials 

-Unique customer login credentials 

-Appropriately managed and stored secrets and access keys 

-Manage security and vulnerability risk associated with customer managed hardware, software, networks and files 

Updates: 

As our business evolves, we may update our Security Policy. Customers can review the agreement anytime on this page. 

If you have any security concerns or questions on how Upsiide implements security and disaster recovery strategies please contact our team. 

© Dig Insights Inc. All rights reserved – Last Revised: January 19, 2022