UptimeFlux LogoUptimeFlux

Security

Last updated: January 2025

1. Introduction

At WebDigital France, security is a fundamental priority in everything we do. We operate UptimeFlux, a monitoring service that handles sensitive data and critical infrastructure information. This page outlines our security practices, measures, and commitments to protecting your data and ensuring the security of our platform.

We are committed to maintaining the highest standards of security and continuously improving our security posture to protect against evolving threats.

2. Data Encryption

2.1. Encryption in Transit

All data transmitted between your devices and our servers is encrypted using industry-standard Transport Layer Security (TLS) 1.2 or higher. This ensures that:

  • All connections to our web application use HTTPS
  • API communications are secured with TLS encryption
  • Webhook deliveries are sent over encrypted connections
  • Email notifications are sent via secure SMTP connections

2.2. Encryption at Rest

All sensitive data stored in our databases is encrypted at rest using strong encryption algorithms. This includes:

  • User account information and credentials (hashed passwords)
  • API tokens (hashed and salted)
  • Monitoring data and check results
  • Payment information (processed securely through Stripe, not stored by us)
  • Contact information and notification preferences

3. Infrastructure Security

3.1. Hosting and Servers

Our infrastructure is hosted on secure cloud platforms with the following security measures:

  • Servers located in secure, monitored data centers
  • Regular security updates and patches applied promptly
  • Firewall rules and network segmentation to limit access
  • Intrusion detection and prevention systems
  • DDoS protection and mitigation
  • Regular security audits and vulnerability assessments

3.2. Network Security

Our network infrastructure is designed with security in mind:

  • All network traffic is monitored and logged
  • Access to internal systems is restricted and monitored
  • VPN access required for administrative operations
  • Network segmentation to isolate sensitive systems

4. Access Controls

4.1. Authentication

We implement strong authentication mechanisms:

  • Passwords are hashed using bcrypt with salt
  • Multi-factor authentication (MFA) support for enhanced security
  • Session management with secure, HTTP-only cookies
  • Automatic session timeout for inactive users
  • Account lockout after multiple failed login attempts

4.2. Authorization

Access to resources is controlled through role-based access control (RBAC):

  • Workspace-level permissions
  • Granular permissions for API tokens
  • Principle of least privilege applied
  • Regular access reviews and audits

4.3. API Security

Our API is secured with:

  • Token-based authentication (API tokens)
  • Rate limiting to prevent abuse
  • HTTPS-only API endpoints
  • Granular permission system for API tokens
  • Token rotation and revocation capabilities

5. Monitoring and Logging

We maintain comprehensive monitoring and logging systems:

  • 24/7 security monitoring of our infrastructure
  • Automated alerts for suspicious activities
  • Audit logs for all administrative actions
  • Access logs for authentication and authorization events
  • Application logs for debugging and security analysis
  • Regular log reviews and analysis
  • Log retention policies compliant with regulations

6. Incident Response

We have established procedures for responding to security incidents:

  • Incident response team ready to act immediately
  • Clear escalation procedures for security issues
  • Regular incident response drills and training
  • Communication plan for notifying affected users
  • Post-incident analysis and improvement processes
  • Compliance with data breach notification requirements

In the event of a security incident that affects your data, we will notify you as soon as possible and take immediate steps to mitigate the impact.

7. Compliance

We are committed to compliance with relevant data protection and security regulations:

  • GDPR (General Data Protection Regulation): We comply with EU data protection requirements
  • Data Protection: We implement appropriate technical and organizational measures
  • Data Processing Agreements: We have agreements with third-party processors
  • Right to Access and Deletion: We respect user rights regarding their data
  • Data Breach Notification: We notify authorities and users as required by law

8. Third-Party Security

We work with trusted third-party service providers and ensure their security practices meet our standards:

  • Payment Processing: Stripe (PCI DSS compliant, we never store payment card data)
  • Email Services: Secure SMTP providers with encryption
  • SMS Services: Trusted SMS providers with secure APIs
  • Hosting Providers: Reputable cloud providers with strong security practices
  • Monitoring Services: We monitor our own infrastructure continuously

All third-party integrations are regularly reviewed for security compliance, and we maintain data processing agreements where required.

9. Security Best Practices for Users

While we implement strong security measures, we also recommend that users follow security best practices:

  • Use strong, unique passwords for your account
  • Enable multi-factor authentication (MFA) when available
  • Keep your API tokens secure and rotate them regularly
  • Review and manage workspace permissions regularly
  • Monitor your account activity for suspicious behavior
  • Keep your contact information up to date
  • Use secure webhooks (HTTPS) for integrations
  • Regularly review and remove unused API tokens

10. Reporting Security Issues

We take security vulnerabilities seriously and appreciate responsible disclosure. If you discover a security vulnerability in our service, please:

  • Email us at security@uptimeflux.com
  • Provide detailed information about the vulnerability
  • Allow us reasonable time to address the issue before public disclosure
  • Do not access or modify data that does not belong to you
  • Do not disrupt our service or other users' experience

We will acknowledge receipt of your report within 48 hours and work with you to understand and resolve the issue. We appreciate your help in keeping UptimeFlux secure.

11. Security Updates

We continuously work to improve our security posture:

  • Regular security assessments and penetration testing
  • Continuous monitoring of security advisories and updates
  • Regular updates to our security policies and procedures
  • Employee security training and awareness programs
  • Participation in security communities and information sharing

12. Contact Information

If you have any questions or concerns about security, please contact us:

WebDigital France
Security Team: security@uptimeflux.com
General Support: support@uptimeflux.com

Security - UptimeFlux - UptimeFlux