Security Policy for Upving Digital Solutions Pvt Ltd

At Upving Digital Solutions Pvt Ltd (“Upving,” “we,” “our,” “us”), we are committed to ensuring the safety and security of your data and business transactions. As a provider of online marketing services, software-as-a-service (SaaS), and other digital solutions, we understand the importance of data protection and have implemented robust security measures to prevent unauthorized access, loss, misuse, or alteration of data. This Security Policy outlines the security measures we have in place to protect our services, products, and your personal information while operating on both national and international levels.

1. General Security Practices

Upving takes every necessary step to protect the confidentiality, integrity, and availability of your data through the following security practices:

  • Encryption: All sensitive data is encrypted using industry-standard encryption protocols. Data transmitted over the internet is protected with SSL/TLS encryption, and any data stored on our servers is encrypted at rest using AES-256 encryption.
  • Access Control: We implement strict access control mechanisms, allowing only authorized personnel to access sensitive data and systems. Access to client data is granted based on the principle of “least privilege,” ensuring users can only access the data necessary for their role.
  • Firewall & Network Security: Upving uses advanced firewalls and intrusion detection/prevention systems (IDS/IPS) to monitor and protect our networks from unauthorized access and cyber threats.
  • Regular Security Audits: We perform routine security audits, vulnerability assessments, and penetration tests to identify potential weaknesses and ensure the effectiveness of our security measures.

2. Secure Software Development Life Cycle (SDLC)

Upving adopts secure software development practices to build products and services that are free from vulnerabilities:

  • Secure Coding Practices: Our development team follows industry best practices for secure coding, including protection against SQL injection, XSS (cross-site scripting), CSRF (cross-site request forgery), and other known vulnerabilities.
  • Code Reviews & Testing: We perform code reviews and conduct thorough security testing at every stage of development, from design to deployment. This includes automated security scans and manual code reviews.
  • Patching and Updates: We ensure that all software, applications, and systems are regularly updated to address newly discovered security vulnerabilities. Any third-party dependencies are also regularly reviewed and updated to ensure they meet security standards.

3. Data Protection and Privacy

We understand the critical importance of data protection and take the necessary measures to protect personal and business data:

  • Data Minimization: We only collect personal information that is necessary to provide our services. We minimize the storage and processing of sensitive data.
  • Data Storage and Retention: Data is stored in secure, encrypted systems, and we retain personal data only as long as necessary to fulfill business purposes or legal obligations. We comply with data retention requirements and dispose of data securely when it is no longer needed.
  • Third-Party Service Providers: We work with trusted third-party vendors to process data. All third-party service providers are required to comply with our security and privacy standards, and we enter into formal contracts with them to ensure that they follow data protection regulations.

4. Authentication and Access Control

We ensure that all user accounts and business systems are secured by robust authentication measures:

  • Multi-Factor Authentication (MFA): We use multi-factor authentication for accessing sensitive data and systems, adding an extra layer of security beyond passwords.
  • Strong Password Policy: We enforce a strong password policy for user accounts, requiring complex passwords that meet or exceed industry standards.
  • User Session Monitoring: We monitor user sessions for unusual activity, such as multiple failed login attempts or access from unfamiliar locations. Inactive sessions are automatically logged out after a specified period.

5. International Data Compliance and Transfer

Upving operates globally, serving clients in various countries, including those in the European Union and the United States. We comply with the relevant data protection regulations and ensure secure data transfers:

  • GDPR Compliance: For clients in the European Union, we fully comply with the General Data Protection Regulation (GDPR) to safeguard personal data. This includes using data processing agreements with our clients and third-party vendors to ensure data protection.
  • Cross-Border Data Transfers: We comply with international data transfer mechanisms such as Standard Contractual Clauses (SCCs) to protect data when it is transferred across borders. Data is protected regardless of the location, and we adhere to all applicable laws and regulations governing cross-border data transfers.

6. Security Incident Response and Notification

In the event of a security incident or data breach, Upving follows a detailed security incident response plan:

  • Incident Detection and Response: We employ continuous monitoring systems to detect potential security incidents in real time. In the event of a breach, we immediately begin a thorough investigation to determine the extent of the breach.
  • Breach Notification: If a data breach occurs and personal data is compromised, we will notify affected individuals and relevant authorities in accordance with applicable laws (e.g., GDPR, CCPA). Notifications will be sent promptly, outlining the nature of the breach, the potential impact, and the corrective actions we are taking.
  • Corrective Actions: Following an incident, we will take immediate action to mitigate any damage, implement stronger security measures, and prevent similar incidents in the future.

7. Liability Limitations and Disclaimers

While Upving has implemented robust security measures to safeguard data, we are not liable for damages or losses resulting from the following circumstances:

  • Force Majeure: Events beyond our control, such as natural disasters, acts of war, terrorism, or government-imposed restrictions, that may disrupt our services or security measures.
  • User Actions: Security vulnerabilities resulting from user actions, such as sharing credentials, failing to maintain secure passwords, or ignoring security best practices.
  • Third-Party Risks: Any security risks arising from third-party services or software that we may use but do not directly control. Upving will not be liable for the actions or security failures of third-party service providers.

8. Client Responsibilities

Clients using Upving’s services are also responsible for certain security measures:

  • Protecting Login Information: Clients must maintain the confidentiality of their login credentials and take reasonable steps to ensure they are not shared with unauthorized users.
  • Compliance with Applicable Laws: Clients must ensure that any data they provide to Upving complies with applicable data protection and privacy laws in their jurisdiction, such as GDPR, CCPA, or others.
  • Monitoring and Reporting: Clients are responsible for monitoring their accounts and immediately reporting any suspicious activity, such as unauthorized access to their account.

9. Regular Review of Security Measures

Upving continuously evaluates and updates its security practices to address emerging threats and comply with evolving regulations. We conduct regular reviews of our security policies, perform audits, and update our systems to maintain a high level of protection.

10. Contact Us

If you have any questions, concerns, or suggestions regarding our security practices or if you would like more information about how we protect your data, please contact us:

  • Email: legal@upving.com
  • Phone: +91 74001 00880

Address: Upving Digital Solutions Pvt Ltd, Vasai, Palghar, Mumbai, Maharashtra, India