Many companies say they take security seriously. In our case, we’d like to demonstrate this with concrete information.

Security Audit

From time to time, we commission independent Internet security professionals to audit our security. We implement any findings and recommendations as a matter of priority.

EU General Data Protection Regulation (GDPR)

As we are based in Spain, which is in the European Union, we are regulated by the EU General Data Protection Regulation (GDPR). We abide fully by the EU GDPR. Read more about our GDPR compliance.

Employee Access

Infrastructure

The Feature Upvote application runs on Amazon’s AWS infrastructure. We follow AWS’s best practice guides. We regularly audit our use of AWS. We regularly check our server logs for suspicious activity.

Our database, which is hosted on AWS, uses encryption at rest.

AWS offers a choice of geographic regions. Our AWS region is Ireland, a European Union member state. We store production data solely within the European Union.

Our web application only accepts and transmits traffic over HTTPS.

Backups

Your data is safe with us. We take frequent backups and regularly ensure that a recent backup can be restored. Access to backups is guarded with a combination of 2FA, password managers, encryption at rest, and tight access rules.

Credit Card Data

At no time do we store your credit card details on our servers. Our payment processor, Stripe, handles payment processing on our behalf. Stripe ensures that all relevant compliance, such as PCI, is met.

None of our staff, including management, have access to your credit card info.

Got questions about our security? Ask us at support@featureupvote.com


Responsible Disclosure

We welcome whitehat security researchers and will gratefully receive reports of suspected security problems.

We ask you to refrain from the following:

Acknowledgement Program

We don’t offer bug bounties. However we acknowledge contributions here on our site.

Only the first researcher to report a specific qualifying issue is eligible for acknowledgement. Whether or not an issue is a qualifying issue, as well as eligibility for acknowledgement, are decisions taken by us in our discretion.

We reserve the right to cancel this program at any time without notice.

Guidelines

In order to qualify for acknowledgement, please follow these guidelines when reporting issues:

Vulnerabilities eligible for acknowledgement

Ineligible vulnerabilities

How to report issues

Report security vulnerabilities to security@featureupvote.com. Once we’ve received your email, we’ll work with you to make sure that we completely understand the scope of the problem and keep you informed as we work on the solution.

Acknowledgements

We appreciate your help to find and resolve security issues responsibly. The following have worked to help us keep Feature Upvote safe and secure for everyone. Thank you.