Everything you wanted to know about Security

Where do servers and data physically reside?

Multiple redundant server clusters are in place to maintain high availability. Servers are provided by DigitalOcean and are mainly located in the NYC area (in the Equinix and Telx data centers). We also have servers for offsite recovery located in San Francisco (Telx).

All servers are on a dedicated private cloud managed directly by UPilot.

What data security standards does UPilot adhere to?

As per DigitalOcean policy, all servers are compliant with SOC 1/SSAE 16 (SOC 1 Type II), SOC 2 Type II, SOC 3 and PCI-DSS. See the DigitalOcean Policy.

How is the data backed up?

Customer data, excluding files attached in UPilot by the customer, is backed up from a “slave server”. The data is then transferred over an encrypted connection using SCP (file transfer over Secure Shell) to the offsite backup server located in the DigitalOcean data center in San Francisco.

One “master server” and two “slave servers” guarantee high availability in the NYC data center. One on-site backup is made from the “slave server” in the NYC data center, and the data is also stored off-site in the San Francisco data center. Additionally, file attachments uploaded by the customer in UPilot are stored on a separate, secured server in the NYC data center.

How often is data backed up?

The data is automatically backed up twice a day.

How often is a security audit done?

Internal audits are done monthly or following any important update of the server infrastructure. External audits are done by ‘SecurityMetrics’ in order to comply with and be certified under PCI DSS (Payment Card Industry Data Security Standards Validation). To maintain PCI DSS compliance, scans must be passed every 3 months.

What type of encryption is being used?

The connection to upilot.com, including every domain and every request, is encrypted and authenticated over HTTPS using a strong protocol (TLS 1.2), a strong key exchange (ECDHE_RSA with P-256), and a strong cipher (AES_128_GCM). Stored passwords and user access data, including tokens, are encrypted using the Rijndael cipher with a 256-bit block.

Are data backups encrypted?

Yes – Data backups are also encrypted.

How are the encryption keys managed?

All encryption keys are stored separately in another database, accessible only by the system administrator who has access to that specific database. Only the software itself can link the encryption keys to specific encrypted data.

Will we be notified in case of data breach?

Yes, we follow a completely transparent policy with regard to account and data security. As such, we will notify all clients if any data breach is detected.

How does UPilot decide on employees to have physical access to network and servers?

UPilot employees do not have any physical access to the network and the servers. All physical access and security is managed directly by DigitalOcean.

What are the physical security measures at DigitalOcean facilities?

The DigitalOcean facilities also provide physical security at their data centers. For the data centers being used by UPilot, the security includes:

NYC3 security includes 24×7 onsite security personnel, CCTV camera systems with 90+ day retention, and biometric and proximity badge access.

SFO1 security includes 24×7 onsite security, 2-factor authentication with biometric access, CCTV monitoring, and a man-trap entrance prior to elevator access to all data center suites.

Who will be able to access your data?

Only internal server administrators can access the database, in order to fix technical issues detected during support or the release of new features. Data may also be accessed by the assigned support representative when the account administrator asks UPilot to take action on the account (such as checking a technical issue or solving support requests). All access is monitored.

How does UPilot ensure another customer cannot access your data?

Each customer's data is stored individually in a separate database. This makes it impossible, directly or indirectly (following a technical issue, for example), for another UPilot account to access other customers' data while using UPilot.

How is UPilot processing payments and financial transactions?

All our payment processing, including the saving of such information, if any, is managed directly by our payment processor, Braintree (https://www.braintreepayments.com/). Braintree is a service of PayPal.

What is the security used on saving of credit card details?

We do not save any of your bank or credit card details on UPilot servers. All payments and financial transactions are managed directly by Braintree (https://www.braintreepayments.com/), a service of PayPal.
