Send yourself an email reminder

Upscope

Built with security in mind

Every feature is built with a security first approach.

Your account's security

The first layer of security is your Upscope account.

  • Create an account for each team member and assign specific permissions

    Upscope allows you to invite all your team members or allow them to create an account with their company email address. You can assign each team member specific permissions (e.g. list users, watch user, manage team, manage team settings, manage billing).

  • Email-only two step log in to prevent password reuse

    Password reuse is one of the leading causes of data breaches. We prevent this by requiring your team members to go through a two step log in process where an email with a log in token is sent to their corporate email address.

  • Remote log out

    You can easily log out of other browsers, and as an administrator you can remotely log out other team members of all their sessions.

  • Audit log

    Evey action your team takes on Upscope (except for screen sharing session details) is recorded and accessible in the admin console. We also record actions taken by Upscope's admin related to your account. Each log item contains a hash of the previous entry to prove no item is changed or removed.

  • SSL everywhere

    Your connection with Upscope is protected by SSL everywhere. All access cookies are HTTPS only to guarantee no man-in-the-middle can get hold of them.

  • Sandboxing

    While we load remote HTML in your agent's browser to show them what your user is seeing, we do so in a sandboxed iframe so that no javascript can be executed. We also proxy all remote assets to ensure they are served over HTTPS.

Your user's security

We only track what you want us to track, and don't save anything we don't need to save.

  • Ask for user's permission

    Optionally enable a popup asking for your user's permission before screen sharing is initiated. This option is set directly in the javascript installation snippet and cannot be overridden even if a hacker infiltrated our system.

  • Transmit data only while screen sharing

    We only store metadata about your users such as their location, IP address, last activity timestamp, and optionally their identity. No page content is ever sent to our server unless screen sharing is initiated or a screen shot is taken through our javascript API.

  • Hide sensitive form values

    Easily hide sensitive form values (such as SSN or credit card information) by adding a CSS class to the input or any of its parent elements, or set up custom rules with our javascript API.

  • Remote control limited to the browser

    Unlike other screen sharing systems where the user has to install software or at a very least an extension, Upscope allows your agents to control the user's browser (limited to clicks and scrolls) with no installs required, making the experience safer and smoother for both agent and user.

  • Enforced SSL

    All your user's data is only transmitted via secure SSL connections.

  • Nothing stored, ever

    No user content is ever stored on our servers. The only exception are screenshots and assets caching, which are automatically deleted after 30 days and are in any case optional.

Infrastructure

Where your data will be kept.

  • State of the art data center

    Our website is hosted in secure data centers operated by AWS. Our main data center is in the North Virginia region.

  • Protected database access

    Only key employees are able to access our database (which only holds account information and user metadata in any case). Access is only possible through a secure VPN connection, and it is always logged.

  • Secure by design

    We secure your data by avoiding storing it at all. In case of a complete data breach, an attacker would only be able to access your user metadata and your account information.

Our people & location

Created by experts in a secure location

  • Secure office building

    Our office is located in the middle of London and is equipped with CCTV and 24/7 security personnel and access control.

  • Background checked employees

    All our employees are background checked to the PCI DSS standard.

  • All actions logged

    All actions performed by our employees on your account (such as updating information, viewing your users when you request it for testing, etc.) are monitored and logged.

  • 2-step authentication everywhere

    Before our employees can perform any action on Upscope they need to authenticate with a two step authentication.

Do you have other security questions? Contact our team!