Security
Last updated: September 15, 2021
We take great care in handling any data that comes through our systems. Security is critical to every product and service we deliver and we view it as our top priority.
This page will address some details about how we work and the safeguards we use.
Handling data and secrets
Permission is granted to temporarily download one copy of the materials (information or software) on Uphill Studio for personal, non-commercial transitory viewing only. This is the grant of a license, not a transfer of title, and under this license you may not:
- All our services run and communicate via TLS (SSL), data is never sent as plain text.
- Passwords and other sign in credentials are stored using one-way PBKDF2 hashes, generated with 100k iterations and salted.
- External account credentials (API keys and tokens) that need to be accessed by our automated integration systems are stored and encrypted with AES. These credentials are read only just-in-time by automated processes and decryption keys are stored separately.
- Human Uphill Sutdio employees have access to HTTP, database and transaction logs to enable support. We keep passwords, tokens and secrets out of the logs, they are not visible to humans.
Our Policies
- We always apply principles of least privilege.
- We follow OWASP best practices.
- All code is peer-reviewed before deployment.
Account Protection
Please contribute to the saftey of yourself and our community by taking these steps to keep your UP Account protected:
- Never give out your password or personal information.
- Use a unique password for every site, app and service you interact with.
- Use a password manager to ensure a unique and complex password. Longer passwords (15+ characters) are more secure than shorter password.
- Never respond to someone asking for your password or personal information, we will never ask you for this.
Cheats, Hacks, and Bots
Cheating and misconduct of any kind is not tolerated on any of our games. Members who are caught cheating will be immediately locked out until further review of the incident.
Please refer to our Terms of Service for the definition of cheating, under "Cheating and Misconduct".
Responsible Disclosure / Bug Reporting
We ask everyone to report any bugs or security vulnerabilities they may experience while playing our games. Reporting bugs helps us improve our games and creates a better experience for everyone. Reporters of who report legitimate bugs or security vulnerabilities may be eligable for a bug bounty. When reporting a bug, please make sure to include the following:
- Target - Provide the URL or exact location where you experienced the bug.
- Description - Be as detailed as possible.
- How to reproduce - Provide written instructions if possible and including screen shots where relevant.
Please report all bugs to bugs@uphillstudio.com.