Compliance
Upstash Legal & Security Documents
- Upstash Terms of Service
- Upstash Privacy Policy
- Upstash Data Processing Agreement
- Upstash Technical and Organizational Security Measures
- Upstash Subcontractors
Is Upstash SOC2 Compliant?
As of July 2023, Upstash Redis and Kafka are SOC2 compliant. Check our trust page for details.
Is Upstash ISO-27001 Compliant?
We are in process of getting this certification. Contact us (support@upstash.com) to learn about the expected date.
Is Upstash GDPR Compliant?
Yes. For more information, see our Privacy Policy. We acquire DPAs from each subcontractor that we work with.
Is Upstash HIPAA Compliant?
Upstash is currently not HIPAA compliant. Contact us (support@upstash.com) if HIPAA is important for you and we can share more details.
Is Upstash PCI Compliant?
Upstash does not store personal credit card information. We use Stripe for payment processing. Stripe is a certified PCI Service Provider Level 1, which is the highest level of certification in the payments industry.
Does Upstash conduct vulnerability scanning and penetration tests?
Yes, we use third party tools and work with pen testers. We share the results with Enterprise customers. Contact us (support@upstash.com) for more information.
Does Upstash take backups?
Yes, we take regular snapshots of the data cluster to the AWS S3 platform.
Does Upstash encrypt data?
Customers can enable TLS while creating database/cluster, and we recommend it for production databases/clusters. Also we encrypt data at rest at request of customers.
Was this page helpful?