We use cookies to personalise content and ads, provide social media features, and analyse our traffic. To learn more check our cookies policy.

Get StartedSecurity

Robust security

Security is in our DNA. Our number one priority is to protect you, your money, and your information. Security is built into our systems and culture

Sign up

State-of-the art security

Security is in our DNA. We obsess about it. Our top priority is to protect you, your money, and your information. Uphold is a community. We enforce stringent security standards across our platform - and continually educate our customers on the important role they have to play.

Access and Encryption

We deploy layered defenses to limit the scope and depth of potential attacks, as well as sophisticated encryption.

Auditing & Testing

Security professionals routinely conduct security audits and penetration testing of our systems.

3rd Party Due Diligence

All our providers undergo appropriate due diligence checks. Special attention is paid to integrations incorporating sensitive data.

Personnel Standards

The Uphold team are background checked by an accredited vendor. Mandatory security and privacy training is conducted regularly.

24/7 Overwatch

The Uphold Security Operations Centre monitors systems year-round and responds immediately to any detected threat.

Bug Bounty Program

If you've found a security vulnerability, please report it to us and you may receive a reward.

You should register with Intigriti here:

Then, to be added to our program, please contact Intigriti at [email protected] and provide:

  • Your Intigriti username
  • A brief description of the vulnerability
  • Scope (impacted uphold.com subdomain)

You will be enrolled into our project and see all the scopes and potential bounties!

We apply these and other security measures to protect you and your funds.

Verify Yourself

Verifying your identity helps to keep your transactions secure.

Strong Password

We maintain strong password requirements. We'll also do email verification if we detect anything untoward. If we detect unusual activity, we'll send you an email to verify it is you.

Enable 2-step verification

We give you an optional extra level of protection in the event that your login and password get stolen or compromised.

Scams and Phishing

Scams are designed to give bad actors access to your funds. They often involve someone passing as a legitimate contact with whom you do business.

If you’re unsure an email is from us, please contact us here

Using Your Device in a Public Place

Never leave your device unattended in a public place while you're logged in, and try to avoid public Wi-Fi. Never access or change your personal information in a public space. Always log out of your Uphold account.

A Secure Connection

Make sure you use a secure internet connection when you access Uphold. Look out for the “https” at the beginning of the website address, as well as the padlock security symbol in the browser frame.

Your Computer

You should install effective antivirus and anti-spy software, as well as turn on a firewall. Always ensure they are running when you use your computer.

Total Transparency. By Design.

Uphold's numerous patent-pending and proprietary technologies - including the Reserveledger™ and Reservechain™- vetted by regular independent audits, allow you to verify our obligations, transaction flows, assets, and solvency. At any time, you can confirm our reserve holdings and ensure that your funds are safe. See for yourself below.

Go to transparency page

Committed to Compliance

As a FinCEN Registered Money Services Business (MSB) in the United States, and as an EMD Agent of an Electronic Money Issuer regulated by the FCA in the United Kingdom, Uphold is committed to compliance.

Regulatory Compliance & Anti-Money Laundering (AML) Controls

We implement robust KYC and Anti-Money Laundering controls to underpin our verification and identification processes and to identify suspicious activity. We’re committed to compliance with all applicable laws and regulations in the United States, Europe, and internationally.

Highlights

Customer, employee, member, business partner, and developer partner identification verification, and ongoing, real-time due diligence.

Full compliance with Office of Foreign Assets Control (OFAC) regulations. Including real-time identification and investigation of unusual activity, and suspicious activity reporting.

Currency transaction reports and other reporting requirements triggered by transaction volumes and specified activity patterns as articulated in the Bank Secrecy Act (BSA).

Compliance with BSA record keeping requirements.

Compliance with lawful requests for information from law enforcement with the authority to make such requests.

Data & Privacy

Uphold is passionately committed to securing customer accounts and protecting our customers' privacy and data at all times. Uphold has created technology to adhere to local, state, federal, and international law to protect Personally Identifiable Information (PII), and any personal data collected from our customers is done in accordance with the highest industry standards.

Go to privacy and data policy

The Payment Card Industry Data Security Standard PCI/DSS

PCI/DSS is a set of requirements created by the major payment card brands (Visa, MasterCard, American Express, Discover and JCB), designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment. Its primary focus is to improve payment account security throughout the transaction process and it is administered and managed by an independent body, the Payment Card Industry Security Standards Council.

Uphold is a pioneer in our space when it comes to the security of our consumers: we are one of the first companies working with digital currencies to become certified to PCI/DSS, one of the most stringent security standards in the industry. Being compliant means that we are doing our very best to keep our members' valuable information secure and out of the hands of people who could use that data in a fraudulent way.