Security at UPZARE

Protecting your infrastructure is our top priority. We invest heavily in security at every layer — from physical data centres to network edge to application code — so you can focus on building.

DDoS Mitigation

Always-on, enterprise-grade DDoS protection capable of absorbing volumetric attacks up to 1 Tbps, included on every plan at no extra cost.

Encryption Everywhere

All data in transit is secured with TLS 1.3. Data at rest is encrypted with AES-256. API endpoints enforce HTTPS with HSTS preloading.

Hardened Infrastructure

Our servers run hardened Linux kernels, receive automated security patches, and are deployed in Tier III+ data centres with biometric access control.

24/7 Monitoring

Real-time intrusion detection, log analysis, and anomaly detection across our entire infrastructure. Our security team is on call around the clock.

Vulnerability Management

Continuous automated scanning, regular third-party penetration tests, and a structured patch management process to address vulnerabilities promptly.

Incident Response

A documented incident response plan with defined escalation paths, communication procedures, and post-incident review to minimise impact and prevent recurrence.

Infrastructure Security

Our hosting infrastructure is deployed across multiple geographically distributed data centres that meet or exceed Tier III+ standards. Each facility features:

  • 24/7 on-site security with CCTV surveillance and biometric access control.
  • Redundant power supplies with N+1 UPS and diesel generator backup.
  • Redundant network connectivity with multiple upstream providers.
  • Advanced fire suppression and climate control systems.
  • Physical intrusion detection and alarm systems.

Network Security

Our network is designed with defence in depth:

  • Edge Protection: Anycast-based DDoS scrubbing centres filter malicious traffic before it reaches our network.
  • Firewalls: Hardware and software firewalls with strict ingress/egress rules. Customer VPS instances include configurable firewall rules via the dashboard.
  • Network Segmentation: Customer workloads are isolated using VLANs and encrypted overlay networks. Management networks are fully separated from customer traffic.
  • Rate Limiting: API endpoints and authentication systems are protected by adaptive rate limiting to prevent brute-force and credential-stuffing attacks.

Application Security

Our platform is built with security as a core requirement:

  • All user passwords are hashed using bcrypt with per-user salts. We never store plaintext passwords.
  • Multi-factor authentication (MFA) is available for all accounts and enforced for administrative access.
  • Session tokens use cryptographically secure random generation with short expiration windows.
  • All user input is validated and sanitised. Our codebase is scanned for OWASP Top 10 vulnerabilities as part of our CI/CD pipeline.
  • Dependencies are monitored for known vulnerabilities using automated tools, with alerts for critical issues.

Data Protection

  • Encryption in Transit: All connections to our platform and APIs use TLS 1.3. Older protocols (TLS 1.0, 1.1) are disabled.
  • Encryption at Rest: All storage volumes are encrypted with AES-256. Encryption keys are managed using a dedicated key management system with regular rotation.
  • Backup Security: Automated backups (where available) are encrypted and stored in a separate geographic location from the primary data.
  • Data Isolation: Each customer's data is logically isolated. Our architecture ensures that no customer can access another customer's data.

Compliance

We align our security practices with industry standards and frameworks, including:

  • SOC 2 Type II (in progress)
  • ISO 27001 (planned)
  • GDPR compliance for European customers
  • PCI DSS compliance for payment processing

Responsible Disclosure

We value the work of security researchers and welcome responsible disclosure of vulnerabilities. If you discover a security issue, please report it to security@upzare.com. We ask that you:

  • Provide sufficient detail for us to reproduce and verify the vulnerability.
  • Avoid accessing, modifying, or deleting data belonging to other users.
  • Give us reasonable time to investigate and address the issue before public disclosure.
  • Do not exploit the vulnerability beyond what is necessary to demonstrate it.

We will acknowledge receipt within 24 hours and aim to provide an initial assessment within 5 business days. We do not pursue legal action against researchers who follow these guidelines.

Contact

For security-related questions or to report a vulnerability, contact us at security@upzare.com.