Data Protection
Your data, our responsibility.
At UpBuff, securing and protecting your data is a prime responsibility — not an afterthought. Every layer of our product architecture, every deployment decision, and every access control exists to ensure your data remains yours: private, secure, and under your control at all times. The following describes the security practices, controls, and standards we maintain across the UpBuff platform.
Architecture
Five-layer security protection
UpBuff products are built on a five-layer security model. Each layer addresses a distinct attack surface — from encrypted transit at the network edge to governed API boundaries at the integration layer. No single layer is sufficient on its own; all five work together to provide defence in depth.
Secure Sockets Layer (SSL)
All data in transit is encrypted via SSL/TLS, providing an essential barrier against interception and man-in-the-middle attacks across every connection to the UpBuff platform.
Cloud Firewall Protection
Infrastructure hosted on AWS, Microsoft Azure, and DigitalOcean is protected by cloud-native firewalls that monitor and block network-level intrusions before they reach application layers.
Web Application Firewall (WAF)
A dedicated WAF monitors all incoming traffic, filters malicious IPs, blocks spam and injection attacks, and protects application endpoints from exploitation at the HTTP layer.
Role-Based Access Control (RBAC)
Every user is granted access only to the data and functions their role requires. Administrators enforce industry-standard password policies, and access privileges are reviewed on a regular cadence.
API Security Framework
All integrations with third-party platforms — including SAP, Salesforce, and WhatsApp — are mediated through a secure API framework that validates, parses, and governs data exchange at every boundary.
Customer data isolation
UpBuff adheres to a cloud data model in which each customer has their own dedicated database — ensuring that data retrieved at any point belongs exclusively to that customer. Individual customers can access only their own data. All data is secured, controlled, and maintained with access logging for subsequent audit by the UpBuff team.
Controls
Security controls in practice
Product security
UpBuff cloud platforms are maintained across multiple regions on AWS, Microsoft Azure, and DigitalOcean. Our integrated architectural approach ensures compliance from engineering to deployment, with cloud security built into every stage of the delivery pipeline.
Data security
All customer data is encrypted in transit over SSL-secured connections for every individual account. Access to production servers is restricted to authorised UpBuff resources only, enforced through multi-factor authentication at every entry point.
Network security
The UpBuff network is monitored by industry-grade firewalls. Production and testing environments are hosted on SSL-certified servers across AWS, DigitalOcean, and Azure. Remote access to production servers is restricted exclusively to secured office networks.
Change Management
Changes, merging and release requests
Our internal change control process diligently tracks all application, infrastructure, and content modifications. UpBuff conducts routine deployment reviews on a quarterly basis, with oversight and direction provided by senior management.
Access to development environments is strictly governed and limited solely to the authorised UpBuff team. Customers have no access to these environments, which prevents potential malfunctions and maintains the integrity of production systems.
Data Lifecycle
Data deletion
15-day guaranteed deletion
If you withdraw from our service or terminate your account, we will transfer all your data to you and permanently delete all data from UpBuff servers within 15 days of account closure. No residual data is retained beyond this window unless required by applicable law.
Responsible Disclosure
Responding to issues and threats
If you discover any issues or potential threats to the security or privacy of UpBuff, please reach out to us promptly at:
Your cooperation is vital in addressing security concerns promptly and effectively. We kindly request that you refrain from disclosing any unresolved vulnerabilities in public domains to maintain the confidentiality and integrity of our security efforts.
We greatly value your assistance in identifying and rectifying vulnerabilities within UpBuff products. Your efforts do not go unnoticed — we will formally recognise your contribution as soon as the issue has been successfully mitigated.
Public Non-Disclosure Policy
This programme does not allow public disclosure. Any individual who posts or publicly releases a vulnerability discovered through this programme shall be liable for legal penalties under applicable law.
The fine print
- UpBuff may modify the terms of or terminate this programme at any time.
- We will not apply any changes to these programme terms retroactively.
- UpBuff employees and their immediate family members are not eligible for any bounties or recognition rewards under this programme.
Contact us
For security-related enquiries or to report a vulnerability, contact our security team: