At UpTk LLC, security is a foundational part of our platform design and operations. We follow industry best practices to ensure the confidentiality, integrity, and availability of user data.
All infrastructure is hosted on Amazon Web Services (AWS) within private VPCs. No databases or services are exposed to the public internet. Only AWS Lambda functions with strict IAM permissions have access to backend resources.
All traffic is encrypted in transit using TLS 1.2+. Sensitive data such as passwords, tokens, and affiliate credentials are encrypted at rest using AES-256 or equivalent. We use HTTPS everywhere.
All users are authenticated via secure credentials, and sensitive actions require verified email accounts. Internal systems use role-based access control to restrict employee access to production data.
All code is version-controlled and peer-reviewed. We apply automated dependency checks and static analysis tooling to prevent vulnerabilities. Secrets are stored in environment variables and not hardcoded.
We monitor our systems for anomalies, failed logins, and unauthorized access attempts. If a breach is detected, we initiate an internal incident response plan and notify affected users as required by law.
All third-party services, such as Stripe, MongoDB Atlas, and Userlist, are vetted for SOC 2, ISO 27001, or equivalent compliance. Data shared with vendors is minimized and encrypted during transfer.
If you discover a vulnerability, we encourage you to report it by emailing us at info@uptk.io. We take all reports seriously and aim to resolve issues promptly.
Access to systems and personal data is governed by role-based access control and the principle of least privilege. Employees are granted only the permissions required for their duties, and all access is logged and periodically reviewed.
All user data is classified according to sensitivity and protected accordingly. Sensitive information is encrypted at rest using AES-256 and in-transit via HTTPS (TLS 1.2+). Credentials and API tokens are securely stored and never logged.
UpTk maintains a documented incident response policy that defines roles, escalation procedures, and communication channels. Our team monitors for security incidents and is prepared to respond quickly in case of breaches or misuse.
We conduct regular vulnerability scans using industry-standard tools such as OWASP ZAP. Threats are triaged based on severity and remediated on an appropriate timeline. Our build process includes automated security linting and dependency checks.
Developer and administrator endpoints are protected with up-to-date anti-malware software. Devices are configured with screen lock, disk encryption, and strong password policies. Multi-factor authentication is enforced across admin systems.
Our internal data protection policies are reviewed regularly and aligned with our published Privacy Policy. We minimize the collection of personal data and limit access based on operational necessity.
Thank you for helping us keep UpTk secure.