Security is everything
Here at Upscope, every feature is built with a security first approach.
Our Security DocsState of the art data center
Our system is hosted in secure data centers operated by AWS and located around the world.
Protected database access
Only key employees are able to access our database. Access is only possible through a secure VPN connection, and it is always logged.
Secure by design
We secure your data by avoiding storing it at all. In case of a complete data breach, an attacker would only be able to access your visitor metadata and your account information.
On‑premise available
Complete on‑premise deployment of our technology is available on our enterprise plan.
Your account’s security
Create an account for each team member and assign specific permissions
Upscope allows you to invite all your team members or allow them to create an account with their company email address. You can assign each team member specific permissions (e.g. list visitors, screen share, manage team, manage team settings, manage billing).
Remote log out
You can easily log out of other browsers, and as an administrator you can remotely log out other team members of all their sessions.
Sandboxing
While we load remote HTML in your agent’s browser to show them what your user is seeing, we do so in a sandboxed iframe so that no javascript can be executed. We also proxy all remote assets to ensure they are served over HTTPS.
Audit log
Every action your team takes on Upscope (except for screen sharing session details) is recorded and accessible in the admin console. We also record actions taken by Upscope’s admin related to your account. Each log item contains a hash of the previous entry to prove no item is changed or removed.
SSL everywhere
Your connection with Upscope is protected by SSL everywhere. All access cookies are HTTPS only to guarantee no man‑in‑the‑middle can get hold of them.
SSO and MFA
Enforce log in via Google or SAML‑based SSO, and enable MFA for all your agents.
Your user's security
Ask for user’s permission
Optionally enable a popup asking for your user’s permission before screen sharing is initiated. This option is set directly in the javascript installation snippet and cannot be overridden even if a hacker infiltrated our system.
Transmit data only while screen sharing
We only store metadata about your users such as their location, IP address, last activity timestamp, and optionally their identity. No page content is ever sent to our server unless screen sharing is initiated.
Hide sensitive parts of the page
Easily hide sensitive parts of the page or specific form fields (such as SSN or credit card information) by selecting the element to hide in our dashboard. Portions of the page hidden with Upscope never leave the user’s browser.
Remote control limited to the browser
Unlike other screen sharing systems where the user has to install software or at a very least an extension, Upscope allows your agents to control the user’s browser (limited to clicks and scrolls) with no installs required, making the experience safer and smoother for both agent and user.
Enforced SSL
All your user’s data is only transmitted via secure SSL connections.
Your people & location
Secure office building
Our office is located in the middle of London and is equipped with CCTV and 24/7 security personnel and access control .
Background checked employees
All our employees are background checked to the PCI DSS standard.
ISO 27001 compliant facilities
Our office is fully ISO 27001 compliant and all our employees are trained on data security regularly.
All actions logged
All actions performed by our employees on your account (such as updating information, viewing your users when you request it for testing, etc.) are monitored and logged.
2-step authentication everywhere
Before our employees can perform any action on Upscope they need to authenticate with two step authentication.
