Security and privacy at Uberflip
At Uberflip, we believe that personalized content experiences drive business growth. We accomplish this with a platform that enriches your go-to-market strategies by leveraging your content to accelerate relevant customer engagement, at scale. At the center of this is our commitment to security and privacy.
We combine enterprise-grade security policies, procedures, and product features with comprehensive audits of our applications, systems, and networks to ensure customer data is protected.
We are working to earn your trust every day by focusing on eight key areas of security and privacy:
Security certifications
Uberflip has the appropriate measures in place to be compliant with a number of industry standard certifications and best practices.
- Uberflip is a Canadian company and complies with the Personal Information Protection and Electronic Documents Act (PIPEDA). For EU customers, this means that personally identifiable information (PII) can be transferred to Canada without additional controls because our data is stored in Canada.
- Uberflip complies with the California Consumer Privacy Act (CCPA).
- Uberflip is SOC2 Type II compliant and can provide a third-party attestation report.
General Data Protection Regulation (GDPR)
Uberflip recognizes that maintaining GDPR and privacy compliance is a top priority for your business. That’s why we take a holistic and personalized approach to compliance by refining our internal processes, clarifying data usage, and making compliance straightforward in the product.
- Uberflip has built tools within the platform that make it easy for marketers to stay GDPR compliant.
- Uberflip maintains a list of sub-processors we work with as part of our ongoing commitment to privacy.
Data center and network security
- Uberflip hosts all its software and customer data in Amazon Web Services (AWS) facilities in Canada. Customer data is stored primarily in the ca-central-1 AWS region. Amazon provides an extensive list of compliance and regulatory assurances, including SOC 3 and ISO 27001. See Amazon’s compliance and security documents for more information.
- The data center network is segmented to ensure non-production systems can't access production systems.
- Uberflip systems and infrastructure are only accessible via a secure sockets layer virtual private network with multi-factor authentication, and individual secure shell keys.
- Uberflip conducts third-party network vulnerability scans at least annually.
Application security
- Uberflip performs regular security testing of our platform to ensure vulnerabilities are identified and mitigated in a timely fashion.
- Uberflip conducts penetration testing by an independent third party at least annually.
- User passwords are hashed with SHA-256 and cannot be decrypted. Audit capabilities are available for administrators to see when users last logged on.
- Uberflip supports single sign-on, which allows users to authenticate without having to enter credentials for the Uberflip instance. We support external identity providers such as Okta, Google, and OneLogin.
Data security
- Uberflip uses principles of least privilege and segregation of duties, allowing authorized users only enough access to perform the required job.
- Uberflip always encrypts customer data in the production environment and at rest with AES 256-bit encryption.
- Uberflip stores visitor data for a maximum of two years and provides the controls for data to be deleted at any time by the customer.
Security policies and secure development lifecycle (SDL)
- Uberflip maintains a security awareness program for employees, which includes initial education and ongoing awareness to ensure everyone understands their security responsibilities.
- Employee hiring processes include background screening and the signing of a non-disclosure agreement.
- Uberflip uses secure development lifecycle practices which include code reviews, secure data access, and centralized logging.
- Earning and keeping the trust of our customers is paramount at Uberflip. We will notify customers within 48 hours of a confirmed security vulnerability.
Application monitoring
- All access to the Uberflip application is logged in a central system and stored for at least 15 months.
- Uberflip maintains a formal disaster recovery plan which is tested annually and a business continuity plan which is assessed annually.
Uptime
- Uberflip maintains a publicly accessible platform-status page which includes current states, past incidents, and a historical snapshot of uptime. Customers can subscribe to the page for real-time updates as they occur.
- Uberflip makes every reasonable effort to make the platform available at least 99.5% of the time on a monthly basis.
For more detailed information, check out our privacy policy, data security policy, and data processing addendum.