Built to secure and support global enterprise
We’ve developed a best-in-class workforce communications platform for some of the largest, most complex organisations in the world.

Certifications
Trusted security with the highest standards
Our industry-leading security, privacy, and compliance processes ensure your data is safe and available when you need it. We adhere to industry best practices to protect our customers’ data throughout its life cycle on our platform.

SOC 2, Type 2

California Consumer Privacy Act (CCPA)

GDPR Compliant

ISO 27001:2022 Certified
Product security
Protect your data
Advanced security settings give you the power and flexibility to control your content while giving the right level of access to those who need it.
Control who has access to what with flexible authentication, including support for single sign-on, email/passwords, usernames or even HRIS file syncs.
Grant the right level of permissions and access to different user groups based on their needs.
Control who can interact with pieces of content or entire content channels. Set privileges for visibility, liking, commenting and sharing based on criteria like role or location.
Get reports on usage, including commenting, sharing, publishing and more, so you know who’s doing what with your data.

Platform security
Secure the entire experience
Our cloud-native platform helps guarantee security and resiliency. Our data is hosted on Amazon Web Services, so it’s protected by Amazon’s industry-leading security features.

Platform security features
- Data encrypted using industry standard TLS1.3 in transit and AES 256-bit encryption at rest
- Mobile-native biometric authentication
- SAML-based single sign-on
- End-to-end application vulnerability and penetration tests
- Adaptive web application firewall and DDOS protection
- SOC 2 Type 2 Compliant
- GDPR Compliance: with our obligations as a data processor
- California Consumer Privacy Act (CCPA)
- ISO 27001 Certified
Global availability and support
Always on, worldwide

Unrivaled uptime and data access
- 99.99% uptime
- Automated incident response and resolution
- Available data centers in 42 zones across 16 geographic regions
Broad support for you and your end users
Your architect provides technical support to ensure a successful implementation.
Our customer engineering team provides app update management, API support, and integration support for the long term.
Get end-user support directly from Firstup applications.

Security and compliance team
Guidance from subject matter experts
At Firstup, our security and compliance team comprises experts in U.S. and international cybersecurity law, compliance, software engineering, secure development, and systems architecture. They apply the strictest standards to our AWS-based cloud system and your platform. We support some of the world’s most tightly regulated industries, ensuring compliance with their demanding requirements.
We implement rigorous internal and external privacy policies and protections to keep customer data secure at all times. To enable lawful transfer of personal data to Firstup from outside the European Economic Area, we use inter-company agreements approved under EU law.
Our platform is founded on the core principles of information security: Confidentiality, Integrity, and Availability. This guarantees your data remains protected, accurate, and accessible.
Confidentiality
Protect your proprietary information
The confidentiality of your data is our top priority. Our platform and apps are designed from the ground up to prevent sensitive information from reaching the wrong people. We also make sure that the right people can access it when it’s most critical to your business—whether the data is at rest or in transit.
Access is restricted to those authorised to view your data, on your terms, in support of your organisation’s goals. We use multiple methods and layers of security control implementations, including but not limited to: account security, data encryption, biometrics, two-factor authentication, single sign-on (SSO) capabilities, containerisation and tokenisation.
Integrity
Keep your data intact
We maintain the consistency, accuracy and trustworthiness of data over its entire life cycle. Data is not changed in transit, and we have controls to ensure that data cannot be altered by unauthorised people. These measures include file permissions and user access controls. Plus, our automated technical controls are in place to detect any changes in data that might occur within the platform. We accurately verify the integrity of your data in real time, as it is uploaded to the platform. Backups and redundancies—including fully complete, roll-over backups and business continuity and disaster recovery options—are available to restore the affected data to its correct state.
Availability
Ensure you reach your people
Each year, we deliver billions of push notifications, emails and pieces of content to employees globally. Using multiple AWS data centers with built-in redundancy, backup and rapid provision/deprovision models, we offer the most resilient and available service in the industry. We guarantee 99.99% uptime with no exceptions. Our auto-scaling platform is rigorously tested to ensure we can accommodate businesses with hundreds, thousands and tens of thousands of employees—which we do daily.
Security roadmap
We’re always improving your security
The thought leaders, software engineers and infrastructure architects on our Security and Compliance team are always seeking process, procedure and technical improvements. We do this to ensure the confidentiality, integrity and availability of our customers’ data, and also to keep our customers compliant with the industry regulations and guidelines that impact their business decisions. To that end, we are always working to achieve compliance with and/or certifications within multiple compliance frameworks.