Enterprise-grade security for confidential M&A transactions
Security is at the core of everything we do at UpSwitch. As Europe's leading M&A platform, we understand that business transactions involve highly sensitive and confidential information that requires the highest levels of protection.
Our Security Framework
End-to-End Encryption
All data is encrypted in transit and at rest using AES-256 encryption standards.
Multi-Factor Authentication
Required 2FA for all accounts with support for authenticator apps and SMS.
24/7 Monitoring
Continuous security monitoring with real-time threat detection and response.
Data Protection Measures
Data Storage & Backup
Data stored in EU-based data centers (AWS Frankfurt, Azure Netherlands)
Automated encrypted backups with 99.9% availability SLA
Geographic replication for disaster recovery
Point-in-time recovery with configurable retention periods
Network Security
TLS 1.3 encryption for all data in transit
Web Application Firewall (WAF) protection
DDoS protection and rate limiting
Regular vulnerability scanning and penetration testing
Access Control
Role-based access control (RBAC) with principle of least privilege
Multi-factor authentication (MFA) required for all accounts
Session management with automatic timeout and re-authentication
Comprehensive audit logs and access monitoring
Compliance & Certifications
Regulatory Compliance
• GDPR (General Data Protection Regulation)
• SOC 2 Type II compliance
• ISO 27001 security management
• Belgian financial services regulations
• EU data residency requirements
Industry Standards
• PCI DSS for payment processing
• OWASP security guidelines
• NIST Cybersecurity Framework
• Cloud Security Alliance (CSA)
• Financial industry best practices
Secure Document Management
Virtual Data Room Features
Document Security
• End-to-end encryption for all documents
• Watermarking and download restrictions
• View-only access with screen capture protection
• Automatic document expiration
Access Control
• Granular permission settings per document
• NDA verification before access
• User activity tracking and audit trails
• Time-limited access with notifications
Infrastructure Security
Cloud Infrastructure
Amazon Web Services (AWS)
Primary hosting on AWS with Frankfurt data centers, leveraging:
• AWS Shield for DDoS protection
• AWS WAF for application layer security
• AWS KMS for key management
• Amazon VPC for network isolation
Microsoft Azure (Secondary)
Backup and disaster recovery with Netherlands data centers:
• Azure Security Center monitoring
• Azure Key Vault for secrets management
• Azure Backup for data protection
• Cross-region replication
Incident Response
We maintain a comprehensive incident response plan to quickly address any security concerns:
< 15min
Detection Time
< 1hr
Response Time
24/7
Monitoring
< 24hr
Customer Notification
Your Security Responsibilities
While we provide enterprise-grade security, users play a crucial role in maintaining security:
Security Best Practices
• Use strong, unique passwords and enable 2FA
• Keep your devices and browsers updated
• Only access the platform from secure networks
• Log out when using shared or public computers
• Report suspicious activity immediately
• Review and verify all account notifications
Security Updates & Communication
We're committed to transparency about our security practices and any incidents that may occur:
Regular Updates
• Monthly security newsletter
• Quarterly security reports
• Annual third-party security audits
• Platform status page updates
Incident Communication
• Immediate notification of any breaches
• Detailed incident reports
• Remediation steps and timeline
• Follow-up preventive measures
Security Contact
If you have security concerns, questions, or want to report a potential vulnerability, please contact our security team immediately: