Skip to main content

login to Uplifter

How Uplifter Keeps Your Data Secure

Alexander Holman-Butt
  • Updated

At Uplifter, security isn’t an afterthought—it’s at the heart of everything we do. Our customers trust us with their marketing data, and we take that responsibility extremely seriously.

What is Uplifter?

Uplifter is a Software as a Service (SaaS) closed loop marketing platform for campaign planning, link creation, UTM code management, and marketing performance reporting. The platform does not process sensitive personal data and only collects user email addresses for login and support purposes.

Data minimisation

  • We don't capture, store or process any of your customers sensitive personal data / PII
  • The only PII we capture is the name and email of our users who login to access Uplifter or support
  • We only use this email address to help them login and for support purposes
  • Data is deleted promptly when no longer needed or requested

Certified and Independent Security

  • ISO 27001 certified by a UKAS-accredited auditor

  • Annual penetration testing by a CREST-registered third party

  • Monthly internal vulnerability scans using OWASP ZAP

  • Regular audits and surveillance reviews to maintain compliance

Data Hosting and Encryption

  • Data is hosted exclusively in the UK and EU (Microsoft Azure and Google Cloud Platform)

  • Both platforms are ISO 27001 and SOC 2 compliant

  • End-to-end encryption ensures your data is safe in transit and at rest

  • Strict client data segregation through secure token-based access

Strong Access Controls

  • Least privilege access model with quarterly reviews

  • Multi-factor authentication (MFA) for sensitive systems

  • Rapid account revocation if needed

  • Single Sign-On (SSO) support with Microsoft, Google, or Okta

People and Processes

  • All employees complete annual cybersecurity and GDPR training

  • Staff devices have full-disk encryption, endpoint protection, and remote wipe capability

  • Pre-employment background checks and NDAs for all staff and contractors

  • Comprehensive joiner/leaver processes to control access at every stage

Web Application Security

  • No plain-text passwords – all passwords are hashed and salted with SHA-256

  • Development follows OWASP secure coding standards

  • Protection against common threats like injection attacks, XSS, and DDoS

  • Continuous monitoring, logging, and error reporting via trusted platforms

Supplier and Third-Party Security

  • All suppliers are risk-assessed and monitored in a dedicated register

  • Access keys managed via Azure Key Vault with quick rotation if required

  • No unencrypted passwords ever transmitted to third-party services

Incident Response

  • GDPR-compliant incident management and breach notification process

  • Detailed logging and monitoring for proactive detection

  • Regular reviews to continually strengthen security controls

In Short

Uplifter protects your data with industry-leading standards, robust encryption, strict access controls, and continuous testing. Security is built into every layer of our product and processes—so you can focus on your marketing, knowing your information is safe with us.

This article is meant as a security overview, a comprehensive document for InfoSec teams is available by emailing support@uplifter.ai

Related articles

Comments

0 comments

Please sign in to leave a comment.