Security and Compliance
How UpgradIQ protects your data: encryption, access controls, and compliance measures.
Data encryption
All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Database connections use SSL. File uploads are stored in Cloudflare R2 with server-side encryption.
Authentication and access
UpgradIQ uses Supabase Auth for authentication. Passwords are hashed with bcrypt. Row Level Security (RLS) policies ensure you can only access your own company's data.
Two-factor authentication (2FA) is available in Settings > Profile. We recommend enabling it for all team members with Admin or Owner roles.
Session management
Sessions expire after 30 minutes of inactivity. You will see a warning banner 2 minutes before timeout. Click anywhere or click 'Stay logged in' to extend your session.
Sessions are also invalidated when you change your password.
Audit logging
All significant actions are logged: login/logout, document uploads, permission changes, team member changes, and settings updates. Account owners can request an audit log export.
Compliance
Rate limiting is applied to all API endpoints to prevent abuse. IP allowlisting is available on the Scale plan.
For data deletion requests (GDPR), contact support@upgradiq.com. We process erasure requests within 30 days.