At Upcube, trust is a product feature. We protect customer and user data—and the models and experiences behind our chatbot, search, voice, and image generation products.
Business data privacy
We offer contractual and technical controls to keep your business data separate and protected. Admin tooling, data-retention settings, and auditability are designed to help you meet internal and regulatory requirements.
Learn more: Business Data Privacy (DPA, security overview, data flows).
Consumer privacy
People deserve clear choices. Upcube provides transparent notices, in-product controls, and options to limit data sharing and retention where available.
Learn more: Consumer Privacy (your rights, access/deletion, preferences).
Upcube humans
We follow least-privilege access, background checks where applicable, mandatory security training, and logged, time-bound elevations for support tasks. Production access requires MFA and is continuously monitored.
Security & privacy commitments
We design for confidentiality, integrity, and availability from the start: encryption in transit and at rest, key management, network isolation, dependency scanning, SBOM tracking, and secure SDLC with threat modeling and red-team exercises.
Security compliance & accreditation
Upcube supports customer compliance with frameworks like GDPR and CCPA, and offers a Data Processing Addendum (DPA) upon request.
- SOC 2 Type 2 — Our goal is independent attestation of security and confidentiality controls. (Status & report availability provided upon request.)
- CSA STAR — We align with cloud security best practices and transparency guidelines. (Listing/status available upon request.)
Security portal: Request policies, reports, and DPAs via upcubeco@gmail.com.
External testing
We engage independent penetration testers on a recurring basis and run continuous vulnerability scanning. Findings are triaged by severity with SLA-based remediation and executive reporting.
Customer requirements
We aim to support industry and contractual needs (e.g., HIPAA BAAs for eligible use cases of our platform). See Product Compliance Features for currently supported configurations and controls.
Product compliance features
- Access controls & SSO: Role-based access, optional SSO/SAML, MFA enforcement.
- Data controls: Region selection (where available), retention windows, export tools.
- Logging & audit: Admin logs for sign-ins, settings changes, and data actions.
- Model governance: Safety filters, rate limits, abuse detection, and content policy enforcement across chatbot, search, voice, and image generation.
- Incident response: 24/7 on-call with documented runbooks, customer notifications per law and contract.
- Business Associate Agreements (HIPAA): Available for eligible use cases and scopes—contact us to review your architecture.
Reporting security issues
We welcome reports from security researchers and ethical hackers. Please share suspected vulnerabilities with reproduction steps and impact assessment.
- Email: upcubeco@gmail.com (subject: “Security Report”)
- Safe harbor: Good-faith testing and coordinated disclosure are appreciated; we won’t pursue legal action for research aligned with these principles.
- Recognition/Rewards: We review severity and may offer thanks or rewards at our discretion as we formalize a bug-bounty program.
Our stance
Upcube is dedicated to safeguarding the compute, data, and experiences that power our AI products. Preparing for emerging threats—and raising the bar for privacy and security—guides every release, review, and response.
