Information Security

Your Information is Important

We realize that the information you post to Upkeepr is important, and we promise to do our best to keep it secure. To this end, we apply industry best practices to secure your data in the cloud and to protect it from those who might try to hack our system or your account. However, we need you to do your part by keeping your account safe, too. So, please read this page to learn about the measures we employ and what you can do to help protect your information.

Good Security Starts at Home

The most vulnerable part of our system is its users. Please follow this simple guidance to ensure the highest security of your account.

Use a Unique Password
Most people use the same password across many websites. While this makes credentials easier to remember, it’s also quite likely that one of the many websites you use will be breached at some point, or was even breached many years ago. And while most websites store passwords in an encrypted form, if the data is breached and the hackers have enough time to run calculations, they may be able to crack your password. So, if you’ve been using the same password across many websites for years, it’s possible for a hacker to crack your password from one site and access your accounts on other sites. For this reason, it’s important to use a unique password on every site you access, and especially on websites that hold personally identifying information (PII) and data about your valuables, like Upkeepr.

We recommend using a password manager browser plug-in and mobile app like LastPass or 1Password to generate unique, random passwords and store them in a highly secure vault with easy access for you, so you’re not tempted to use the same password on Upkeepr that you use on other sites.

Use Strong Passwords
An average user will make up a password with the name of a beloved pet or a street they lived on plus some important number like a family member’s birth date. These passwords, while meeting a website’s basic strength requirements (a mixture of upper-case letters, lower-case letters, and numbers), are actually rather weak. A diligent hacker can come up with candidate names using a technique called a “dictionary attack”, where they use words from the dictionary, or many dictionaries from different languages around the world, plus lists of common names. In addition, the names of your children or pets sometimes come up in conversation, often on social media, where they can be gleaned by hackers. Similarly, if you use numbers from your life events like birthdates, anniversaries, and addresses, these can be discovered with a little online research. Malicious actors can combine these numbers with a dictionary attack to guess your passwords. So, please don’t use these typical combinations for your Upkeepr password.

Again, we recommend using a password manager browser plug-in and mobile app like LastPass or 1Password to generate unique, random passwords and store them in a highly secure vault with easy access, so you’re not tempted to use a predictable password on Upkeepr.

Our Security Practices

Upkeepr uses industry best practices to secure your information. With the combination of security techniques that we use, it’s highly unlikely that anyone could hack your information. Here are some of the techniques we employ.

Secure Login
Upkeepr uses a secure login mechanism just like Facebook, Google, Microsoft, Apple, and others. In fact, we all use an industry standard called OAuth. The system issues a unique secure token every time you log in, which is good for a short period of time before the server requires that it be updated, or “refreshed”. The Upkeepr app will automatically refresh its token every few minutes so that even if an old token were to be intercepted on the network and cracked with a super-strong computer, it would be out-of-date and obsolete by the time the hackers could use it or the information in it. These login tokens are required to use the API and ensure that no other user can access your information.

Secure Hosting
Upkeepr hosts its code, application website, application programming interface (API), and data at one of the world’s premier hosting providers with highly secure, restricted access. This means that even our staff can’t get physical access to the computers running our apps or hosting your data. No one can access our code and look for vulnerabilities or copy the data and spend years cracking it. And, as our hosting providers improve their security and information security practices, rest assured that Upkeepr and your information will benefit from the increased security along the way.

Secure Data
Upkeepr stores all system and user data, yours included, in state-of-the-art databases that encrypt the data at rest. This means that if someone were to get physical access to a server or a backup at a hosting facility, they couldn’t access any meaningful information. Moreover, the credentials our own API uses to securely access the databases are not stored in the code, but rather in a “key vault” where those values are kept encrypted, too. So, even in the unlikely event that our code were compromised, your data wouldn’t be.

Rest assured that we have done our best to employ security at every level to protect your information so that only you can access it. If you have any further questions, please contact us.