Robust security

Security is in our DNA. Our number one priority is to protect you, your money, and your information. Security is built into our systems and culture.

Sign up

State-of-the art security

Security is in our DNA. We obsess about it. Our top priority is to protect you, your money, and your information. Uphold is a community. We enforce stringent security standards across our platform - and continually educate our customers on the important role they have to play.

Access and Encryption

We deploy layered defenses to limit the scope and depth of potential attacks, as well as sophisticated encryption.

Auditing & Testing

Security professionals routinely conduct security audits and penetration testing of our systems.

3rd Party Due Diligence

All our providers undergo appropriate due diligence checks. Special attention is paid to integrations incorporating sensitive data.

Personnel Standards

The Uphold team are background checked by an accredited vendor. Mandatory security and privacy training is conducted regularly.

24/7 Overwatch

The Uphold Security Operations Centre monitors systems year-round and responds immediately to any detected threat.

Bug Bounty Program

If you've found a security vulnerability in our platform, please report it to us via our public BugBounty program for a reward.

We work with a bug bounty platform called Intigriti. On this platform, you will find our public bug bounty program that is open to all here.

We only accept reports within the scope defined through the program.

We apply these and other security measures to protect you and your funds.

Verify Yourself

Verifying your identity helps to keep your transactions secure.

Strong Password

We maintain strong password requirements. We'll also do email verification if we detect anything untoward. If we detect unusual activity, we'll send you an email to verify it is you.

Enable 2-factor authentication

We give you an extra level of protection in the event that your login and password get stolen or compromised.

Scams and Phishing

Scams are designed to give bad actors access to your funds. They often involve someone passing as a legitimate contact with whom you do business.

If you’re unsure an email is from us, please contact us here

Using Your Device in a Public Place

Never leave your device unattended in a public place while you're logged in, and try to avoid public Wi-Fi. Never access or change your personal information in a public space. Always log out of your Uphold account.

A Secure Connection

Make sure you use a secure internet connection when you access Uphold. Look out for the “https” at the beginning of the website address, as well as the padlock security symbol in the browser frame.

Your Computer

You should install effective antivirus and anti-spy software, as well as turn on a firewall. Always ensure they are running when you use your computer.

Total Transparency. By Design.

Uphold's numerous patent-pending and proprietary technologies - including the Reserveledger™ and Reservechain™- vetted by regular independent audits, allow you to verify our obligations, transaction flows, assets, and solvency. At any time, you can confirm our reserve holdings and ensure that your funds are safe. See for yourself below.

Go to transparency page

Committed to Compliance

As a FinCEN Registered Money Services Business (MSB) in the United States, and as an EMD Agent of an Electronic Money Issuer regulated by the FCA in the United Kingdom, Uphold is committed to compliance.

Regulatory Compliance & Anti-Money Laundering (AML) Controls

We implement robust KYC and Anti-Money Laundering controls to underpin our verification and identification processes and to identify suspicious activity. We’re committed to compliance with all applicable laws and regulations in the United States, Europe, and internationally.

Highlights

Bullet icon

Customer, employee, member, business partner, and developer partner identification verification, and ongoing, real-time due diligence.

Bullet icon

Full compliance with Office of Foreign Assets Control (OFAC) regulations. Including real-time identification and investigation of unusual activity, and suspicious activity reporting.

Bullet icon

Currency transaction reports and other reporting requirements triggered by transaction volumes and specified activity patterns as articulated in the Bank Secrecy Act (BSA).

Bullet icon

Compliance with BSA record keeping requirements.

Bullet icon

Compliance with lawful requests for information from law enforcement with the authority to make such requests.

Data & Privacy

Uphold is passionately committed to securing customer accounts and protecting our customers' privacy and data at all times. Uphold has created technology to adhere to local, state, federal, and international law to protect Personally Identifiable Information (PII), and any personal data collected from our customers is done in accordance with the highest industry standards.

Go to privacy and data policy

SOC 2 Type 1 Certification

We’re excited to announce that we’ve achieved SOC 2 Type 1 Certification, affirming our commitment to the highest standards of customer data security, confidentiality, and availability. This certification is a testament to our dedication to safeguarding our clients’ information and ensuring our systems are secure and reliable. Looking ahead, we’re aiming for SOC 2 Type 2 certification in Q2 2024, further strengthening our promise to uphold strict security protocols and processes, reinforcing our position as a trusted partner in protecting and managing your data.

PCI/DSS certified image

ISO 27001 Certified

At Uphold, we understand that securing your information is fundamental to earning your trust. Achieving ISO 27001 certification, an international benchmark for data security underscores our ongoing commitment to earning that trust through stringent safeguards and operational excellence.

Why ISO 27001 Certification Matters

ISO 27001 outlines the requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS) with the following benefits.

Bullet icon

Enhanced Data Protection: ISO 27001 mandates robust security controls, fortifying our defenses against data breaches and cyberattacks.

Bullet icon

Legal and Regulatory Compliance: Compliance with ISO 27001 assures you that we are committed to meeting industry-specific regulations and legal obligations.

Bullet icon

Customer Trust: Our certification is a mark of assurance, demonstrating our commitment to safeguarding your data and maintaining your trust.

Bullet icon

Continuous Improvement: ISO 27001 requires us to continually assess and enhance our information security practices to stay ahead of emerging threats.

PCI/DSS certified image

The Payment Card Industry Data Security Standard PCI/DSS

PCI/DSS is a set of requirements created by the major payment card brands (Visa, MasterCard, American Express, Discover and JCB), designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment. Its primary focus is to improve payment account security throughout the transaction process and it is administered and managed by an independent body, the Payment Card Industry Security Standards Council.

Uphold is a pioneer in our space when it comes to the security of our consumers: we are one of the first companies working with digital currencies to become certified to PCI/DSS, one of the most stringent security standards in the industry. Being compliant means that we are doing our very best to keep our members' valuable information secure and out of the hands of people who could use that data in a fraudulent way.

PCI/DSS certified image