Security

Our Commitment

Security of Upshotly customers' data is our primary concern. All the information you store in Upshotly remains yours, and we are committed to ensuring that your data is not accessed, shared to or viewed by anyone without the permission to do so.

Data encryption
From our end, we encrypt Upshotly's data both when it's at rest, as well as while being transmitted. To protect your content in transit, Upshotly uses a secure TLS 1.2 encryption. At rest, Upshotly content is protected using the industry standard AES-256 encryption.

Data access and authentication
Access to customer data is limited to authorized employees who require it for their job, and every data access record documented and stored in our logs.

Data backup
Upshotly's production data is regularly backed up to a separate, isolated location and all backups are encrypted.

In case you have found a lapse in our security measures, we humbly implore you to share it with us while guaranteeing our earnest efforts to remedy it at the earliest. Though at the moment we do not offer bug bounties we do guarantee plenty of good karma.

Responsible Vulnerability Disclosure

We care deeply about keeping our customers’ data safe and secure. Your input and feedback on our security is always appreciated.

Reporting an issue

If you discovered a security-related issue that isn't a common non-vulnerability. Kindly send a report to security@upshotly.com with relevant details as demonstrated in the following examples:
‍
Please send a report to with details like:

• A problem summary
• A PoC or a breakdown of how the issue can be replicated
• The operating system name and version as well as the web browsers name and version that you used to replicate the issue

Here’s how the process will go from there on:

• We will acknowledge your report.
• We will investigate the issue and may have clarifying questions.
  
• Once we deem the issue resolved, we will post an update with a warm acknowledgment and a heartful of thanks to your contribution.
  
• As disheartening it is at the moment that we are unable to offer bug bounties, we'd attribute to your universal credit and let the cosmos repay you in full.
  

What we're on a lookout for

We are interested in any vulnerabilities related to the application (https://app.upshotly.com) such as:

• Authentication issues
  
• Circumvention of our Platform/Privacy permissions model
  
• Cross-site scripting (XSS)
  
• Cross-site request forgery (CSRF/XSRF). This excludes logout CSRF.
  
• Server-side code execution
  

Our Ask

We’d like to ask you to search for and report vulnerabilities responsibly, with the following principles in mind:

• Don’t try to access or manipulate other customers data; only test on your own account
  
• Do not exfiltrate data from our infrastructure (including source code, data backups, configuration files).
  
• If you obtain remote access to our system, report your finding immediately. Do not attempt to pivot to other servers or elevate access.
  
• Please avoid techniques that might degrade the service for others (DoS, spamming, etc.)
  
• Please keep the vulnerabilities secret until you’ve notified us, and we’ve had adequate time to remedy the issues