Skip to content
Contact us
  • There are no suggestions because the search field is empty.

UpGuard Contracting FAQ

This FAQ document provides information about UpGuard’s offerings and will assist you in reviewing our Hosted Services Agreement (“HSA”) and associated documents.

General FAQs

Who and What is UpGuard?

We help our customers to detect, assess, and mitigate cyber risk across their attack surface, supply chain, and workforce.

How do our customers access and use UpGuard?

We provide services using outside-in, publicly available data that is collected and displayed in our User Interface via our proprietary technology.  Delivered via web browser, our one-to-many model enables a more cost-effective delivery of Services by ensuring everyone is using the most recent version of UpGuard with access to the latest features and functionality, all whilst being protected by the latest security updates and infrastructure upgrades.

The services we provide are a cloud-based multi-tenancy Software-as-a-Service (“SaaS”) solution. This means that all our Customers access our services on a shared architecture, code base, and infrastructure, with logically separated accounts.

What are UpGuard’s products and user types?

A summary of UpGuard’s products, plans, and features, as well as user types, can be found here.

Will UpGuard be developing custom software for our company?

No. UpGuard is an existing platform, and any further development completed on the platform is owned by UpGuard, and implemented for the benefit of all of our customers.

UpGuard HSA FAQs

Why use UpGuard’s HSA? Will UpGuard execute our standard vendor agreement instead?

Our HSA has been meticulously crafted, incorporating customer feedback, extensive experience in SaaS legal and sales practices, comprehensive market research, and industry best practices. It is a clearly drafted, well-balanced and customer-centric agreement. The HSA accurately reflects the UpGuard business model and our approach to delivering SaaS products.

Furthermore, our HSA has been independently certified as “Customer Favorable” by TermScout, so you can be confident that it provides balanced, fair, and market-aligned terms.

Utilizing the HSA consistently across our customer base enables us to deliver our Services at scale with minimal friction, whilst optimizing licensing costs. This efficiency allows us to allocate more resources towards enhancing our Services, ultimately benefiting all our customers.

Can UpGuard agree to our Code of Conduct, ESG Policy, or other policies?  What are UpGuard’s commitments to combating modern slavery?

Due to the complexities and additional cost and resourcing involved in operationalizing the nuances of various customer codes and policies, UpGuard is unable to agree to your code of conduct or any other policy. UpGuard’s commitments to environmental impact, human rights and general compliance via dedicated policies more than adequately address all relevant issues and can be accessed upon request or via the UpGuard Trust Exchange.

Can UpGuard agree to unlimited liability for personal data breach?

We believe in a fair allocation of risk that reflects a balance of data security responsibilities and mutual benefits. UpGuard does not provide uncapped liability for personal data breach, as maintaining the security of such data is a shared responsibility. UpGuard provides industry-leading security IT Services, but the customer authorizes the users to the system, maintains the security of login credentials, and chooses what information it wishes to use in the Services. Further, the nature of the data that UpGuard processes is not of a sensitive enough nature to warrant uncapped liability. UpGuard does not process credit card information, banking information, or anything with a similarly sensitive nature.

Can UpGuard agree to broader warranties?

Our warranties are crafted to be both fair and reasonable, aligning with the established industry standards for SaaS offerings. We stand by the quality and performance of our services, providing assurances that are typical within the SaaS landscape. These warranties are designed to offer our customers peace of mind, reflecting our commitment to delivering reliable and effective solutions. They cover aspects crucial to the functionality and security of our platform, ensuring that our services meet the expectations set forth by common industry practices. We believe in transparency and fairness, and our warranty terms reflect these core values, providing a balanced and standard level of protection for our users.

Can we choose our choice of law and venue in the Agreement?

Yes. There are options built into our HSA based on the location of the Customer.

What are UpGuard’s standard payment terms?

UpGuard invoices fees upon execution of an order form, with payment terms net 30 days from the date of the invoice. 

Can we terminate the Agreement for convenience?

UpGuard's business model necessitates a minimum subscription period of at least 12 months, with the option for a multi-year commitment, and whilst we would be sad to see you go, flexibility is available to terminate the HSA with written notice, noting that a refund of pre-paid fees will not be applicable.    

Does UpGuard allow acceptance testing?

UpGuard's products are commercially released and readily available, with all customers accessing the same platform aligned to their specific purchase. While acceptance testing isn't conceptually aligned with UpGuard's service model, we do offer technical product support and an SLA to guarantee product availability and smooth operation.

Does UpGuard provide a wind-down or transition service at the end of the Agreement term?

UpGuard's service model does not include a wind-down period or transition services. Upon the conclusion of your subscription or agreement, you will be granted convenient access to facilitate data migration from the UpGuard platform. 

Does UpGuard offer an SLA? What about support? Can we negotiate these?

UpGuard offers levels of standardised technical support services to all customers.  In order to maintain uniformity and continue to keep costs down, deviations to the support terms are not permitted. You can review our offerings here. 

Protecting our Customers' Data

Does UpGuard process personal information? What kind of data will we be providing to UpGuard?

UpGuard will collect personal information of our users, such as name, email addresses and login information, only to the extent it is needed in order to provide the services.

For our User Risk Customers, we may also be a processor for any personal information that you choose to include in the content you upload.

How does UpGuard protect our data?

Protecting Data is at the heart of what we do. For further details on how we securely manage your data consult our Trust Page and Security Page. 

Does UpGuard permit customer audits or penetration testing?

So as to maintain platform integrity, we do not permit Customers access to complete individual audits or penetration tests. Instead, we engage independent third-party auditors to conduct regular security assessments, including our SOC 2 Type II assessment, allowing you to trust the results without incurring additional cost or effort.

Can we audit your subcontractors/vendors to ensure their security measures are up to par?

UpGuard operates on a public cloud, multi-tenant system, and there are limitations on what we can authorize on behalf of our subcontractors. We support a shared responsibility model and, as part of our responsibilities, we have established a uniform supplier risk management process that includes annual reviews of our critical vendors. You will find a complete and up-to-date list of all of our subprocessors here.

Will UpGuard execute our Data Processing Agreement (DPA)?

Whilst we don’t believe a DPA will always be necessary, if required we can only agree to use the UpGuard DPA, as it is specifically drafted for the UpGuard Services. Our DPA reflects our best-in-class security & privacy commitments, and is aligned with all applicable and current international and domestic regulations.

Will UpGuard notify us in the event of a security incident or personal data breach?

UpGuard will notify you within 48 hours of confirming a security incident involving data you have provided to UpGuard.

Will UpGuard collect our usage and/or statistical data?

Statistical or usage data is collected upon customer use of the platform.  We create analytics so that we can continually improve our customer’s user experience, such as how customers are using our products based on customer interactions. This data will be internally used by UpGuard for product development and roadmapping, business analytics, and improvement of sales motions. This is separate from customer analytics derived from the customer content available in the platform to which the customer remains the owner. UpGuard owns statistical or other usage data and output derived from the operation of the Services.