T3 Tools Security Policy

Overview

At UploadThing, safeguarding your data is our top priority. This document details our comprehensive security practices and policies designed to protect our users and their information.

Infrastructure Security

Our infrastructure is anchored on robust, enterprise-grade platforms, primarily hosted on Amazon Web Services (AWS), with additional services managed through Cloudflare and Vercel. These industry-leading cloud providers ensure top-tier security and compliance. We enforce stringent access controls, mandating multi-factor authentication for all production systems.

Key security measures include:

  • Timely application of security patches and updates across all systems
  • Advanced network security utilizing available platform controls, including firewalls, intrusion detection, and DDoS protection
  • Comprehensive end-to-end encryption with TLS 1.2+ for all data in transit

Application Security

Our development lifecycle is underpinned by rigorous security protocols to ensure the utmost application security. Our development team adheres to OWASP guidelines and conducts regular security testing and vulnerability assessments.

Our application features:

  • Strong input validation and output encoding to thwart injection attacks
  • Defense against common web vulnerabilities (XSS, CSRF, etc.)
  • Rate limiting mechanisms to prevent misuse
  • Secure file handling and validation protocols

Access Control

We implement strict access control policies to safeguard user data and maintain system integrity.

Our comprehensive strategy includes:

  • Role-based access control (RBAC) for all user access
  • Enforced strong password policies
  • Support for multi-factor authentication
  • Regular access reviews and audits
  • Secure session management protocols

Incident Response

Our security incident response framework is designed for swift and effective management of potential security events.

This includes:

  • Comprehensive monitoring systems for threat detection
  • Well-defined investigation and response procedures
  • Clear notification protocols for affected users when necessary

Penetration Testing and Audit Scans

We engage in regular penetration testing conducted by third-party experts, alongside daily code reviews and static analysis checks.

Reporting Security Issues

We encourage security researchers, ethical hackers, and technology enthusiasts to report security issues directly to us. We offer safe harbor for good-faith security testing and may provide rewards for discovered vulnerabilities based on their severity and impact.

If you discover a security vulnerability, please report it to us at security@uploadthing.com. We value your contribution to keeping UploadThing secure and will investigate all legitimate reports that are brought to our attention.

Updates to Security Policy

This security policy is subject to change at any time. We will notify users of any significant changes to this policy at our discretion.