Robust security
Security is in our DNA. Our number one priority is to protect you, your money, and your information. Security is built into our systems and culture.
Sign up
Security is in our DNA. We obsess about it. Our top priority is to protect you, your money, and your information. Uphold is a community. We enforce stringent security standards across our platform - and continually educate ourcustomers on the important role they have to play.
Access and Encryption
We deploy layered defenses to limit the scope and depth of potential attacks, as well as sophisticated encryption.
Auditing & Testing
Security professionals routinely conduct security audits and penetration testing of our systems.
3rd Party Due Diligence
All our providers undergo appropriate due diligence checks. Special attention is paid to integrations incorporating sensitive data.
Personnel Standards
The Uphold team are background checked by an accredited vendor. Mandatory security and privacy training is conducted regularly.
24/7 Overwatch
The Uphold Security Operations Centre monitors systems year-round and responds immediately to any detected threat.
Bug Bounty Program
If you've found a security vulnerability in our platform, please report it to us via our public BugBountyprogram for a reward.
We work with a bug bounty platform called Intigriti.On this platform, you will find our public bug bounty program that is open to all here.
We only accept reportswithin the scope defined through the program.
We apply these and other security measures to protect youand your funds.
Verify Yourself
Verifying your identity helps to keep your transactions secure.
Strong Password
We maintain strong password requirements. We'll also do email verification if we detect anything untoward. If we detect unusual activity, we'll send you an email to verify it is you.
Enable 2-factor authentication
We give you anextra level of protection in the event that your login and password get stolen or compromised.
Scams and Phishing
Scams are designed to give bad actors access to your funds. They often involve someone passing as a legitimatecontact with whom you do business.
If you’re unsure an email is from us, please contact us here
Using Your Device in a Public Place
Never leave your device unattended in a public place while you're logged in,and try to avoid public Wi-Fi. Never access or change your personal information in a public space. Always log out of your Uphold account.
A Secure Connection
Make sure you use a secure internet connection when you access Uphold. Look out for the “https” at the beginning of the website address, as well as the padlock security symbol in the browser frame.
Your Computer
You should install effective antivirus and anti-spy software, as well as turn on a firewall. Always ensure they are running when you use your computer.
Total Transparency. By Design.
Uphold's numerous patent-pending and proprietary technologies - including the Reserveledger™ and Reservechain™- vetted by regular independent audits, allow you to verify ourobligations, transaction flows, assets, and solvency. At any time, you can confirm our reserve holdings and ensure that your funds are safe. See for yourself below.
Go to transparency page
Committed to Compliance
As a FinCEN Registered Money Services Business (MSB) in the United States, and as an EMD Agent of an Electronic Money Issuer regulated by the FCA in the United Kingdom, Uphold is committed to compliance.
We implement robust KYC and Anti-Money Laundering controls to underpinour verification and identification processes and to identify suspicious activity. We’re committed to compliance with all applicable laws and regulations in the United States, Europe, and internationally.
Customer, employee, member, business partner, and developer partner identification verification, and ongoing, real-time due diligence.
Full compliance with Office of Foreign Assets Control (OFAC) regulations. Including real-time identification and investigation of unusual activity, and suspicious activity reporting.
Currency transaction reports and other reporting requirements triggered by transaction volumes and specified activity patterns as articulated in the Bank Secrecy Act (BSA).
Compliance with BSA record keeping requirements.
Compliance with lawful requests for information from law enforcement with the authority to make such requests.
Uphold is passionately committed to securing customer accounts and protecting our customers' privacy and data at all times. Uphold has created technology to adhere to local, state, federal, and international law to protect Personally Identifiable Information (PII), and any personal data collected from our customers is done in accordance with the highest industry standards.
Go to privacy and data policy
We’re excited to announce that we’ve achieved SOC 2 Type 1 Certification, affirming our commitment to the highest standards of customer data security, confidentiality, and availability. This certification is a testament to our dedication to safeguarding our clients’ information and ensuring our systems are secure and reliable. Looking ahead, we’re aiming for SOC 2 Type 2 certification in Q2 2024, further strengthening our promise to uphold strict security protocols and processes, reinforcing our position as a trusted partner in protecting and managing your data.
At Uphold, we understand that securing your information is fundamental to earning your trust. Achieving ISO 27001 certification, an international benchmark for data security underscores our ongoing commitment to earning that trust through stringent safeguards and operational excellence.
Why ISO 27001 Certification Matters
ISO 27001 outlines the requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS) with the following benefits.
Enhanced Data Protection: ISO 27001 mandates robust security controls, fortifying our defenses against data breaches and cyberattacks.
Legal and Regulatory Compliance: Compliance with ISO 27001 assures you that we are committed to meeting industry-specific regulations and legal obligations.
Customer Trust: Our certification is a mark of assurance, demonstrating our commitment to safeguarding your data and maintaining your trust.
Continuous Improvement:ISO 27001 requires us to continually assess and enhance our information security practices to stay ahead of emerging threats.
PCI/DSS is a set of requirements created by the major payment card brands (Visa, MasterCard, American Express, Discover and JCB), designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment. Its primary focus is to improve payment account security throughout the transaction process and it is administered and managed by an independent body, the Payment Card Industry Security Standards Council.
Uphold is a pioneer in our space when it comes to the security of our consumers: we are one of the first companies working with digital currencies to become certified to PCI/DSS, one of the most stringent security standards in the industry. Being compliant means that we are doing our very best to keep our members' valuable information secure and out of the hands of people who could use that data in a fraudulent way.
