Security built for sensitive data.
Startup financial data, cap tables, investor documents, and fundraising strategy deserve enterprise-grade protection. Here is how we protect yours.
AES-256: Encryption at rest
TLS 1.3: Transport security
99.9%: Uptime SLA
GDPR: Compliant
Security controls.
Layered protection across encryption, access, isolation, and audit.
Encryption at Rest
All data is encrypted with AES-256. Database files, backups, and stored documents are encrypted before they touch disk.
Transport Security
All connections use TLS 1.3. HTTP is not supported. Certificate pinning is enforced on all API endpoints.
Row-Level Security
Every database table enforces RLS policies via Supabase. Your data is physically isolated from other tenants at the query level.
Audit Logging
Every data access and modification is logged with user identity, timestamp, and IP address. Full audit trail on every record.
Access Control
Role-based permissions across owner, admin, member, and viewer roles. Investor guest access is document-scoped only.
2FA Support
Two-factor authentication is available on all accounts. Session timeouts enforce re-authentication on inactive sessions.
What we do not do.
Transparency about data practices matters as much as the controls themselves.
We do not sell your data
Your company information, documents, and metrics are never sold to third parties under any circumstances.
We do not train AI on your data
Your data is not used to train any AI or machine learning models, including UpgradIQ's own AI features.
We do not share data for advertising
No data is shared with advertising networks, data brokers, or third parties for marketing purposes.
We do not store card numbers
All payment processing is handled by Stripe. We never see or store your full card number or CVV.
Questions about security?
Report a vulnerability or ask about our security practices.