This Security Statement applies to all Unifiedpost Group products, services and affiliates, except where otherwise noted. This Security Statement also forms part of the user agreements for Unifiedpost Group customers. Unifiedpost Group values the trust its customers show by letting the organisation act as custodian of their data.
Unifiedpost Group takes its responsibility to protect and secure its customers' information seriously and strives for complete transparency around its security practices detailed below.
Unifiedpost information systems and technical infrastructure are hosted within world-class, SOC 2 accredited data centers. Physical security controls at these data centers include 24x7 monitoring, cameras, visitor logs, entry limitations, and all that one would expect at a high-security data processing facility.
Access to Unifiedpost technology resources is only permitted through secure connectivity (e.g. VPN, SSH) and requires multi-factor authentication. Unifiedpost production password policy requires complexity, expiration and lockout, and disallows reuse. Unifiedpost grants access on a need-to-know basis under least-privilege rules, reviews permissions quarterly and revokes access immediately after employee termination.
Unifiedpost maintains and periodically reviews and updates its information security policies, at least on an annual basis. Employees must acknowledge policies on an annual basis and undergo additional training pertaining to job function. Training is designed to adhere to all specifications and regulations applicable to Unifiedpost.
Unifiedpost conducts background screening at the time of hire (to the extent permitted or facilitated by applicable laws and countries). In addition, Unifiedpost communicates its information security policies to all personnel (who must acknowledge this) and requires new employees to sign non-disclosure agreements, and provides ongoing privacy and security training.
Unifiedpost has a dedicated privacy and security organisation, which focuses on application, cloud, network and system security. This team is also responsible for security compliance, education and incident response.
Unifiedpost maintains a documented vulnerability management program which includes periodic scans, identification and remediation of security vulnerabilities on servers, workstations, network equipment and applications. All networks, including test and production environments, are regularly scanned using trusted third-party vendors. Critical patches are applied to servers on a priority basis, and all other patches are applied as appropriate. Unifiedpost also conducts regular internal and external penetration tests and remediates any findings according to severity.
Unifiedpost encrypts all data at rest in the data centers and all data in motion using the Unifiedpost cryptographic standard, which is reviewed yearly.
The Unifiedpost development team employs secure coding techniques and best practices, focused around the OWASP Top Ten. Developers are formally trained in secure web application development practices upon hire and annually. Development, testing and production environments are separated. All changes are peer reviewed and logged for performance, audit and forensic purposes prior to deployment into the production environment.
Unifiedpost maintains an asset management policy which includes identification, classification, retention and disposal of information and assets. Company-issued devices are equipped with full hard disk encryption and up-to-date antivirus software. Only company-issued devices are permitted to access production networks.
Unifiedpost maintains a security incident response process that covers the initial response, investigation, customer notification (no less than as required by applicable law), public communication, prudential reporting and remediation.
Despite best efforts, no method of transmission over the internet and no method of electronic storage is perfectly secure. Like any other organisation, Unifiedpost cannot guarantee absolute security. However, if Unifiedpost becomes aware of a security breach, Unifiedpost will notify affected users so that they can take appropriate protective steps. Unifiedpost breach notification procedures are consistent with the obligations under applicable country laws and regulations, as well as any industry rules or standards applicable to Unifiedpost and its affiliates. Unifiedpost is committed to keeping its customers fully informed of any matters relevant to the security of their account and to providing customers all information necessary for them to meet their own regulatory reporting obligations.
Backups are encrypted and stored within the production environment to preserve their confidentiality and integrity. Unifiedpost employs a backup strategy to ensure minimum downtime and data loss.
Keeping your data secure also requires that you maintain the security of your account by using sufficiently complex passwords and storing them safely. You should also be aware of your context and environment and work in a secure manner. Lastly, you should ensure that you have sufficient security on your own systems.
Application and infrastructure systems log information to a centrally managed log repository for troubleshooting, security reviews and analysis by authorized Unifiedpost personnel. Logs are preserved in accordance with regulatory requirements. Unifiedpost will provide customers with reasonable assistance and access to logs in the event of a security incident impacting their account.
Relevant information regarding phishing matters can be found here.
Unifiedpost has implemented governance, risk management and compliance practices that align with the most globally recognised information security frameworks. Unifiedpost has achieved ISO 27001 certification for Leleu Printing and Banqup.com. In addition, Unifiedpost payment products carry the Payment Card Industry’s Data Security Standards (PCI DSS 3.2). For more information regarding Unifiedpost accreditations and certifications, Unifiedpost refers to the following page: accreditations.
Unifiedpost Payments makes use of rule-based and AI-empowered detection systems to protect customers' transactions against financial crime. These detection systems are continuously reviewed to adapt to changing threats, leading to a lower fraud rate for Unifiedpost customers and their customers.
Unifiedpost Payments uses the 3D Secure (3DS) protocol to add an extra layer of protection to online electronic payments. This reduces the risk of unauthorised transactions and charge-backs. With 3DS enabled, customers have two-factor authentication on payments, i.e. payments won’t go through unless the customer authorises them.
All customer funds in possession of Unifiedpost Payments are safeguarded in compliance with the relevant legislation. These funds are deposited at a Unifiedpost banking partner.
Please note that funds on your payment account are not protected directly under the Deposit Guarantee System (EU) or the Financial Services Compensation Scheme (UK).
In case of insolvency of the EU banking partner, the French Fonds de Garantie des Dépôts et de Résolution (FGDR) will cover the deposits up to a limit of €100,000 for each customer.