2. Data Ownership & Control

• Your Data, Your Ownership: You always retain full ownership of your data.
• No Selling or Sharing: We never sell, rent, or share customer data with third parties for advertising or unrelated services.
• Access Control: All data access is governed by strict role-based permissions. Only you and users you authorize can view or modify your business data.

3. Encryption Standards

• In Transit: All data transmitted to and from OwlUP servers is encrypted using TLS 1.2+.
• At Rest: Data stored on our servers is encrypted using AES-256.
• Backup Encryption: Regular backups are encrypted and stored in geographically redundant and secure environments.

4. Authentication & Access Management

• Multi-Factor Authentication (MFA) is available and encouraged for all user accounts.
• Single Sign-On (SSO) integrations available for enterprise clients.
• Session Timeout & IP Restrictions: Customizable session management and optional IP whitelisting.

5. Secure Infrastructure

OwlUP is hosted on trusted and secured infrastructure providers with the following features:

• ISO 27001 / SOC 2 certified data centers
• Firewall & Intrusion Detection Systems
• 24/7 infrastructure monitoring and DDoS protection
• Geo-redundant failover and disaster recovery systems

6. Data Residency & Compliance

• Regional Hosting Options: OwlUP offers region-specific hosting for data residency compliance upon request.
• Regulatory Alignment: Our data handling practices align with:
  • GDPR (EU General Data Protection Regulation)
  • CCPA (California Consumer Privacy Act)
  • HIPAA-ready for clients handling protected health information (additional agreements may be required)

7. Audit Logs & Monitoring

• Full Audit Trails: All actions are logged and timestamped by user ID for accountability.
• Access Logs: Track who accessed what data and when.
• Real-Time Alerts: Configurable alerts for suspicious activity or failed login attempts.

8. Data Retention & Deletion

• Retention Policy: Data is retained according to customer settings or legal obligations.
• Data Portability: You can export your data at any time.
• Data Deletion: Upon termination or request, all customer data is securely deleted from all systems, including backups, within a defined retention period.

9. Employee Access & Internal Security

• Least Privilege Principle: Only authorized OwlUP staff with a strict need-to-know may access production environments.
• Background Checks: All employees undergo background screening.
• Security Training: Regular training on secure development, data handling, and privacy.

10. Vulnerability Management

• Proactive Patching: Security patches and updates are deployed promptly.
• Penetration Testing: Regular third-party audits and penetration testing.
• Bug Bounty Program (coming soon): Encouraging the responsible disclosure of vulnerabilities by security researchers.

11. AI-Driven Modules & Data Safeguards

• AI features (e.g., knowledge base, reporting, analytics) are designed to respect access controls and never expose confidential data across departments or roles.
• Sensitive input processed through AI modules are isolated, encrypted, and never used to train third-party models.

12. Incident Response

• Incident Response Plan in place and tested regularly.
• Clients will be notified of any confirmed breach or unauthorized access within 72 hours (or as required by applicable law).
• Affected systems are isolated, analyzed, and remediated with full transparency.

13. Customer Responsibilities

To maintain a secure environment, we recommend customers:

• Enable MFA for all users.
• Regularly review and update user access permissions.
• Use strong, unique passwords.
• Report suspicious activity to security@owlup.com.

14. Contact Us

If you have questions about OwlUP’s security practices or need a copy of our Data Processing Agreement (DPA):

Security Office – OwlUP, Inc.

• 555 Riverdale Dr, Suite A100
• Glendale, CA 91204
• Email: security@owlup.com
• Phone: 818.546.4601