Get demo
Security2021-07-22T10:13:38+00:00

Multiple and redundant server clusters are in place in order to maintain high availability. Servers are provided by DigitalOcean and are mainly located in the data center located in the NYC area (located in the Equinix and Telx datacenters), as well we have servers for offsite recovery located in San Francisco (Telx).

All servers are on a dedicated Private cloud managed directly by UPilot.

As per DigitalOcean policy, all servers are compliant to SOC 1/SSAE 16 (SOC 1 Type II), SOC 2 Type II, SOC 3 and PCI-DSS –  Digital Ocean Policy

Customer data, excluding files attached in UPilot by the customer, are backed up from a “slave server”. Data are then transferred with an encrypted connexion using SCP (File transfer over Secure Shell) to the offsite backup server located in DigitalOcean data center in San Francisco.

One “master server” and two “slaves servers” are in charge to guarantee high availability on NYC data center. One in-site backup is done from the “slave server” in NYC data center. And finally, data are stored off-site in San Francisco data center. Additionally, file attachments uploaded by the customer in UPilot will be stored in a separate and secured server in NYC data center.

The data is automatically backed up twice a day.

Internal audits are done monthly or following any important update of the server infrastructure. External audits are done by ‘SecurityMetrics’ in order to comply and be certified by PCI DSS (Payment Card Industry Data Security Standards Validation). In order to maintain PCI DSS compliance, any scans must be passed every 3 months.

The connection to upilot.com, including every domain and every request, is encrypted and authenticated over the HTTPS protocol using a strong protocol (TLS 1.2), a strong key exchange (ECDHE_RSA with P-256), and a strong cipher (AES_128_GCM). Data storage of passwords and user access, including tokens, are encrypted using Rijndael cipher used with a 256-bit block

Yes – Data backups are also encrypted.

All encryption keys are stored separately on another database accessible only by the system administrator that can access a specific database. Only the software itself can link the encryption keys to specific encrypted data.

Yes, we follow a completely transparent policy with regards to account and data security. As such, we will notify all clients in case any data breach is detected.

UPilot employees do not have any physical access to the network and the servers. All physical access and security is managed directly by DigitalOcean.

The DigitalOcean facilities also provide physical security at their data centers. For the data centers being used by UPilot, the security includes:

NYC3 Security includes 24×7 Onsite Security Personnel, CCTV Camera Systems – 90+ Day Retention, Biometric and Proximity Badge Access.

SFO1 security includes 24×7 onsite security, 2-factor authentication with biometric access, CCTV monitoring, Man-Trap entrance prior to elevator access to all data center suites

Only internal server administrators can get access to the database in order to fix technical issues when detected during support or release of new features. Data may also be accessed by the assigned support representative when the account administrator asks UPilot to take action on the account (such as checking a technical issue or solve support requests). All access is monitored.

Customer data are individually stored in a separate database. This is making impossible, directly or indirectly (Following a technical issue for example) for another UPilot account to access to other customers data while using UPilot.

All our payment processing including save of such information, if any, is managed directly by our payment process, Braintree (https://www.braintreepayments.com/). Braintree is a service of PayPal.

We do not save any of your bank or credit card details on UPilot servers. All payments and financial transactions are managed directly by Braintree (https://www.braintreepayments.com/), a service of PayPal.