Upward considers the security of our applications and the privacy of our users’ data extremely important. While it is impossible to predict the full range of future cyber threats against our systems, we regularly assess and work to improve our security in an effort to enhance the safety of our user community.
Upward employs physical, procedural and electronic controls in connection with the protection of our systems and user data from unauthorized access. This includes regularly having our systems and applications reviewed for potential issues by our internal security team and outside security firms.
Reporting Security Vulnerabilities
Upward welcomes input from the security research community to advance the cause of improving the security of our applications and user data. To that end, we encourage security researchers to responsibly disclose any potential vulnerabilities uncovered to email@example.com. Reports received through this channel will receive a prompt reply, and if you do not receive such a response, we ask that you please attempt to contact us again. To protect our users, we also request that you please refrain from sharing information about any potential vulnerabilities with anyone outside of Upward, until we have confirmed with you that any such vulnerability has been properly mitigated.
Upward’s bug bounty program is private and inclusion is by invite only. Researchers who follow generally accepted responsible disclosure practices and submit quality reports to our Security team will be evaluated for inclusion at our discretion. We explicitly prohibit testing Denial of Service (DoS) or use of automated scanning tools against any of our applications or infrastructure.