UPINION – SECURITY STATEMENT
Last updated: May 23 2018
At Upinion we are dedicated to protecting all user data by offering a high level of security. Your data is stored securely, encrypted and partitioned using state-of-the-art security infrastructure. Upinion is ISO 27001 certified. ISO 27001 is the international best practice standard for information security.
Physical Data Storage
Our servers are physically based in Europe in the city of Dublin, Ireland. The collected data is partitioned over a minimum of seven servers. Personal information and Conversation information are stored on separate servers in different physical locations.
We continuously monitor the availability of our servers and can scale up within minutes when high demand for our services requires this. Our server park facilities offer a high standard of connectivity, storage, power backup, firewall, redundancy monitoring, uptime monitoring and failover. Scans are performed regularly to ensure that any vulnerabilities are quickly found and patched. We perform continuous uptime monitoring, with immediate escalation to Upinion staff for any downtime.
A firewall restricts access to all ports except 80 (http) and 443 (https). The latest security patches are applied to all operating system and application files in order to mitigate newly discovered vulnerabilities. Backups are done approximately every hour and allow us to go back to data up to one month prior. The backups are stored on multiple geographically disparate sites.
User accounts have unique IDs and passwords. We issue a session cookie only to record encrypted authentication information for the duration of a specific session. The session cookie does not include the password of the user. Access to our websites and web services is via Secure Sockets Layer (SSL). Passwords are individually salted and hashed.
User data on our database is logically segregated by account-based access rules. User accounts have unique usernames and passwords that must be entered each time a user logs on. Upinion issues a session cookie to record encrypted authentication information for the duration of a specific session. The session cookie does not include the password of the user.
We use SSL and Transport Layer Security (TLS) technologies (the successor technology to SSL) to protect communications by using both server authentication and data encryption. All other communications with our website and web services are sent over SSL/TLS connections. This ensures that user data in transit is secure and available only to intended recipients.
We check our internal security procedures regularly and keep them up to date. We do background checks when hiring new staff members. Staff members receive security and best practices training and need to comply with password and system access protocols. We have multidisciplinary engineer roles, decreasing dependency on knowledge of and access to certain parts of our systems. We screen our partners and Services providers. These parties must sign a non-disclosure agreement before processing any of our user or Conversation data.
We log usage data, monitor abuse and respond when needed. We run firewall software on local devices (desktops, laptops, tablets) in our office environment.
We have quality management systems in place when it comes to code checking and developing software. New system functionalities, designs, changes in security settings and changes in system settings are thoroughly tested in a separate “sandbox” environment to comply with our quality and security standards before entering production stage.
Upinion has a risk mitigation and a disaster recovery plan in place and tests these plans regularly. Upinion may modify its security infrastructure and/or this security statement from time to time.
Keep your data safe
Ensure the data security of your account by using complicated passwords and storing them in a secure place. You should also make sure you run sufficient security on your own systems and keep any Conversation data that you download to your computer for your eyes only. We offer TLS encryption (also known as HTTPS) to secure all transmitted data; however, you remain responsible for the browser settings on your computer.
Upinion enables you to export your Conversations from our system in a variety of formats so that you will be able to store this information or use it in other applications.
We try to collect and retain a minimal amount of personal data. Therefore we only ask you to provide us with personal information necessary to carry out our Services.
ISO 27001, ISO 27017 and GDPR
Upinion provides a platform and services for research and feedback, in which all data is treated in the same manner. Upinion follows GDPR regulations and ISO 27001 security measures in order to guarantee that data security complies with the highest standards. Upinion follows the ISO 27017 standard for storing user data in the cloud.
Regardless of the security protections and precautions we undertake, there is always a risk that your personal data may be viewed and used by unauthorized third parties as a result of collecting and transmitting your data through the internet. In the unlikely event we discover a security breach we will inform affected users if we consider this necessary. These users will then be able to take appropriate protective steps. This information will be provided via e-mail, our mobile app or our website.