Trust & Security Center
Trust and security are core company values at Uptime.com and fundamental to our commitment to customers.
Our Commitment
Uptime.com’s security & compliance principles guide how we deliver our products and services, enabling people to simply and securely access our service. This commitment extends into our software, systems, vendors, and employees, all of which are a critical part of maintaining customer trust.
Security
Security is at the center of everything we build and operate. View our commitment to keeping your data safe below.
Secure Personnel
Uptime.com takes the security of its data and that of its clients and customers seriously and ensures that only vetted personnel are given access to required resources.
All Uptime.com contractors and employees undergo background checks prior to being engaged or employed by us in accordance with local laws and industry best practices.
Confidentiality or other types of Non-Disclosure Agreements (NDAs) are signed by all employees, contractors, and others who have a need to access sensitive or internal information.
We embed the culture of security into our business by conducting employee security training & testing using current and emerging techniques and attack vectors.
Secure Development
All development projects at Uptime.com, including on-premises software products, support services, and our own service offerings, follow secure development lifecycle principles.
All development of new products, tools, and services, and major changes to existing ones, undergo a design review to ensure security requirements are incorporated into proposed development.
All team members regularly involved in system development undergo annual secure development training in the coding or scripting languages they work with, as well as any other relevant training.
Software development is conducted in line with OWASP Top 10 recommendations for web application security.
Secure Testing
Uptime.com deploys third-party penetration testing and vulnerability scanning of production and Internet-facing systems on a regular basis.
All new systems and services are scanned prior to being deployed to production.
We perform penetration testing both by internal security engineers and external penetration testing companies on new systems and products or major changes to existing systems, services, and products to ensure a comprehensive and real-world view of our products and environment from multiple perspectives.
We perform static and dynamic software application security testing of code, including open source libraries, as part of our software development process.
Cloud Security
Uptime.com’s service provides strong security with customer isolation in a modern cloud architecture following industry best practices. Uptime.com relies on the native physical and network security features of cloud service providers and on those providers to maintain infrastructure, supporting services, and physical access policies and procedures.
Customer environments and data are segmented and isolated at a low level to help prevent accidental cross-customer data access and malicious attacks.
Data is encrypted at rest and in transit to help prevent unauthorized access and reduce the risk of data breaches. Our platform is continuously monitored by trained Uptime.com experts.
We separate each customer's data from our own, utilizing industry best practices to ensure data is protected and isolated.
Our controls are designed to align with SOC 2 security principles, including protections for data in transit and at rest.
We implement role-based access controls and the principle of least privilege, and review and revoke access as needed.
Vulnerability Remediation
At Uptime.com, we understand the critical importance of vulnerability management both for the smooth operation of our business and for the peace of mind of our valued customers. Our commitment to security is unyielding.
When vulnerabilities impact our systems and services, we act swiftly. Remediation actions, whether patching or alternative mitigations, are executed within a timeframe corresponding to the vulnerability’s severity, subject to the availability of a suitable patch or remediation guidance.
We maintain the trust placed in us by treating vulnerability management as a top priority. Ensuring our systems are robust and secure helps us deliver seamless service to our customers.
Guidelines for Response Time based on Severity
- For Critical issues: Response within 24 hours
- For High severity: Response within 1 week
- For Medium severity: Response within 1 month
- For Low severity: Response within 3 months
- For Informational items: Response as needed
When a vulnerability disclosure arrives with a severity rating, we typically use it as our initial guide. However, we reserve the right to adjust this rating upward or downward using our expertise and best judgment.
Privacy
We implement technical and organizational measures designed to protect customer data and support the secure operation of the Services. Learn More about Uptime.com's Privacy Policy
Data Processing Addendum
Our Data Processing Addendum (DPA) describes how Uptime.com processes personal data on behalf of customers in connection with the Services, including our commitments relating to security, subprocessors, and international data transfers. Learn More about Uptime.com's Data Processing Addendum
Subprocessors
Uptime.com uses a limited number of trusted third-party service providers to help deliver our services. We maintain a current list of subprocessors to support transparency and customer privacy due diligence. Learn More about Uptime.com's Subprocessors
Resiliency
Organizations depend on Uptime.com monitoring for mission-critical monitoring; that’s why we are committed to delivering the best service possible and keeping our customers informed on our system availability. See our Status Page for the latest status on our services. Learn More about Uptime.com's Status monitoring
Compliance
Uptime.com maintains a security and compliance program designed to protect customer data and support applicable regulatory requirements. Our security practices are regularly assessed and validated through independent audits, including SOC 2 Type II. Where personal data is transferred internationally, Uptime.com relies on appropriate safeguards, including the EU Standard Contractual Clauses and the UK International Data Transfer Addendum, where applicable.
SOC 2 Type II
Uptime.com successfully completed the AICPA Service Organization Control (SOC) 2 Type II audit. The audit confirms that Uptime.com’s information security practices, policies, procedures, and operations meet SOC 2 standards for security. An unqualified opinion on a SOC 2 Type II audit report demonstrates to current and future customers that we manage data with a high standard of security and compliance.
GDPR
Uptime.com supports customer compliance with GDPR and other applicable data protection laws by providing appropriate contractual commitments and documentation. This includes support for data processing terms and cross-border transfer safeguards. See our dedicated GDPR page for more information. Learn More.