Hundreds of businesses and thousands of people trust us for confident, worry-free telephony solutions.
Thousands of businesses and millions of people trust Calendly for confident, worry-free calendar connections.
We know that contacts, call logs and conversations are valuable for you, these data can be extremely sensitive in business, thus keep safe operation of your business phone system is one of our top priorities.
Upon has a dedicated team of compliance and security experts to help meet our rigorous privacy and security standards. Our policies, procedures, and technologies enable us to comply with and exceed industry standard requirements.
Our cloud PBX are hosted in modern safe data centres with 24/7 monitoring. We use AWS and DigitalOcean as a hosting provider.
AWS holds many certifications such as ISO 27001, SOC2, PCI DSS, FedRAMP, and provides for a safe and secure environment.
DigitalOcean is AICPA SOC 2 Type II and SOC 3 Type II certified, in addition, DigitalOcean has achieved Cloud Security Alliance (CSA) STAR Level 1
We require HTTPS for all services, all connections from the browser to the Cloud PBX platform are encrypted in transit using TLS 1.2 and AES-256.
We use a combination of various security tokens. Communication through the web interface is fully encrypted with the latest TLS version supporting Forward Secrecy.
All QR code generated are valid for 24 hours and can only be used once.
All login link generated are valid for 24 hours and can only be used once.
All passwords are encrypted by an advanced one-way algorithm. Passwords are never stored for internal purposes.
All phone calls made through the WebRTC protocol are automatically encrypted and those made through the SIP protocol can be encrypted by TLS.
We do not retain information on customer credit cards. All data are directly provided to our payment processor
We perform regular online backups across availability zones.
As new firmware are released frequently, upgrade is managed by us to ensure our system is always running at optimum conditions.
Security and Compliance is a shared responsibility between us and the customer.
We secure the system and the network your service runs on, inclusive of the management control plane. We extend our responsibility for security of those platforms further up-stack. Secure configurations, access, and patching are all part of the as-a-Service model for these products.
Controls of the cloud PBX product are solely the responsibility of the customer. For example, customer is required to perform all of the necessary security configuration and management tasks inside cloud PBX, customer manages own backups & firmware upgrades, customer is also responsible to keep safe of administrator’s password, end user’s password, voicemail password, etc.
If you engage our service to do setup for you, the server will be first initialized and configured by us. You may change the administrator’s password upon receiving official handover from us.
Our support will request administrator’s password from you if the issue can not be resolved by email or other communication channel. If you are uncomfortable to share the password with our technical support, you may arrange a remote session with us so that you will be the person whom login to the server and you can observe what our technical support does on your server.
For customers with active maintenance contract with us, your password is stored on our secured password manager and only accessible by our support engineers.
Bottom big blocks,
Maintenance service schedule
SERVICES-BASED OPERATOR (“SBO”) (CLASS) LICENCE C130741210