Skip to content
Upvendo· upvendo.nl

Last updated: 2026-06-17

This security overview is published in the official language(s) of each country we operate in. Where translations differ, the version in your national language governs. The English version is provided as a courtesy translation only.

Security at Upvendo

Last updated: June 17, 2026

Security is foundational to how we build and operate Upvendo. Restaurants, snack bars, bakeries and retailers trust us with their customer orders, payment flows and operational data — that trust is non-negotiable. This page is a transparent overview of how we protect that trust.

The Upvendo platform is built and operated jointly by Upvendo BV (Kalvekeetdijk 179, 8300 Knokke-Heist, Belgium) for customers in the EEA, UK and Switzerland, and Upvendo, Inc. (300 Delaware Avenue, Suite 210, Wilmington, DE 19801, United States) for customers in the US. Both entities operate the same shared infrastructure under the controls described below.

1. Security at the Core

Upvendo is built and operated by a small Belgian team. We follow the principle of "secure by default": every service is designed with least-privilege access, encryption in transit and at rest, and the assumption that any layer can fail and must fail safe.

Security is not delegated to a single team. Every engineer is responsible for the security of the code they write and the systems they touch. We document our threat model, review every change before it ships, and revisit our posture quarterly.

We will tell you what we do and what we do not yet do. We will not overstate our certifications or our maturity. If something is a gap, it is documented as a gap and on our roadmap.

2. Security in the Software Development Lifecycle

Our software lifecycle has security built into every stage.

Source code. All production code lives in version-controlled repositories with branch protection. No engineer pushes directly to the main branch. Every change goes through a pull request that another engineer reviews before it can be merged.

Dependencies. We use only well-maintained, widely-audited open-source dependencies. Our build pipeline runs automated vulnerability scanning against every dependency on every commit, and we apply security patches within agreed SLAs based on severity.

Static analysis. We use linters and type-checkers (ESLint, TypeScript) on every commit to catch a class of bugs before they reach production. Tests run automatically on every push and block deployment if any fail.

Secrets. API keys, database credentials, payment provider secrets and webhook tokens are never committed to source code. They live in Cloudflare Workers Secrets and are scoped to the specific environment that needs them. Production secrets are accessible only to the engineers who maintain that environment.

3. Hosting and Infrastructure

Upvendo runs on Cloudflare's global edge network.

Compute. Our application runs on Cloudflare Workers, which executes code at the edge of Cloudflare's network — across roughly 280 points of presence worldwide. Each request is served from the nearest available edge node, which reduces latency and isolates failures.

Data storage. Customer data lives in Cloudflare D1, a SQLite-based managed database that encrypts data at rest using AES-256 by default. Each Upvendo customer's data is logically isolated by tenant identifier in every query.

Encryption. All connections to Upvendo are encrypted with TLS 1.3 (HTTPS). We do not accept unencrypted connections. Internal service-to-service traffic on Cloudflare's network is encrypted automatically.

Network protection. Cloudflare provides DDoS protection, a Web Application Firewall (WAF) and bot management for every request that hits Upvendo. We tune the WAF rules to our application's threat model and review the analytics regularly.

Backups. Cloudflare D1 supports point-in-time recovery. Our content collections (menus, integration metadata, etc.) are also versioned in our source-code repository, so any data loss can be reconstructed from a known-good state.

Payments. Card data is processed by Stripe, our PCI-DSS Level 1 certified payment provider. Upvendo never touches raw card numbers, CVVs or magnetic-stripe data. Payment-related PCI scope sits with Stripe.

4. Governance, Risk and Compliance

We are honest about where we are today and where we are going.

What we do today.

  • Upvendo is a Belgian-EU company. We are subject to and comply with the EU General Data Protection Regulation (GDPR), Belgian implementation laws and applicable EU consumer-protection law.
  • Our cookie and consent management is in-product: visitors choose which cookie categories to accept, and analytics + marketing pixels only fire after explicit consent.
  • We maintain a Data Processing Agreement (DPA) available to all enterprise customers; for customers in regulated industries, the DPA can be signed before any production rollout.
  • We document our sub-processors (Cloudflare, Stripe, our CRM webhook destination) and notify enterprise customers in advance of any change to that list.

What we are working towards.

  • ISO 27001 readiness: we are mapping our controls to the ISO 27001:2022 framework, with a target of being certification-ready in 2027.
  • SOC 2 Type II is on our evaluation roadmap; we will publish a public statement when we commit to a scope and audit timeline.
  • We do not currently hold a HIPAA, FedRAMP or PCI-DSS Level 1 certification, because our use cases do not require them. If your procurement process requires a control we do not yet have, contact us and we will tell you honestly whether it is in scope for our roadmap.

5. Responsible Security Disclosure

We are grateful to the security research community for helping us keep Upvendo safe. If you believe you have found a security vulnerability in any Upvendo product or service, please report it to us in good faith.

How to report. Email security@upvendo.com with a clear description of the issue, the steps to reproduce it, and your suggested impact assessment. Encrypt sensitive details with our PGP key on request.

What you can expect. We will acknowledge receipt within two business days, confirm whether we can reproduce the issue within five business days, and keep you informed as we remediate. We will credit you in a public acknowledgement if you wish, once the issue is fixed and customers have had time to update.

Safe harbour. If you act in good faith and follow this policy, we will not pursue legal action against you for security research that:

  • does not access, modify or delete other users' data,
  • does not disrupt the availability of our services,
  • gives us a reasonable time to fix the issue before public disclosure, and
  • does not violate any applicable law.

We do not currently run a public bug bounty programme with monetary rewards. We may introduce one as our team and budget grow.

6. Personal Information and Data Privacy

How Upvendo collects, uses and shares personal information is documented in our Privacy Notice. The key points relevant to security:

  • Personal data we hold about our customers and their end-users is processed only for the purposes documented in the Privacy Notice and any signed Data Processing Agreement.
  • Access to customer data inside Upvendo is restricted to engineers and support staff who need it to do their job. Access is logged and reviewed periodically.
  • Data subject rights requests (access, rectification, deletion, portability) are handled within the timelines required by GDPR. Enterprise customers can route their end-users' requests through their account manager.

For a copy of our Data Processing Agreement or our latest sub-processor list, contact privacy@upvendo.com.

7. Your Responsibilities as a Customer

Security is shared. There are things we cannot do for you, and we ask you to do them well.

Access management. Use strong, unique passwords for your Upvendo account. Enable multi-factor authentication when we offer it. Revoke staff access promptly when a team member leaves.

Role-based access for staff. Give each member of your team the least privilege they need. A waiter does not need access to refund history. A kiosk operator does not need access to integration credentials. We provide role-based access controls — use them.

Secure your devices. Kiosks, tablets and the devices your back-office runs on are part of the security boundary. Keep them up to date. Restrict physical access. Lock screens when unattended.

Notify us promptly. If you suspect any compromise of your Upvendo account, a stolen device or any unusual activity, email security@upvendo.com immediately. The earlier we know, the more we can do.

Questions

For any security-related question that this page does not cover, email security@upvendo.com. For procurement security questionnaires (CAIQ, SIG, custom), allow up to five business days for a substantive reply.

Cookie preferences

We use cookies to make the site work, personalize your experience, measure traffic, and show relevant ads. Required cookies are always on; the rest is your choice. Cookie policy