Trust, safety, and security

Protecting your data is our top priority

Upwork follows cutting-edge security and privacy best practices designed to provide a secure, reliable, and compliant talent marketplace for businesses of all sizes. See how Upwork can help your business accomplish your goals, worry-free.

We take protecting your data seriously. Our robust infrastructure provides streamlined authentication and asset protection you can trust. 

Access and authentication
Multi-factor authentication

Reduce the risk of unauthorized access with multi-factor verification.

Single sign-on

Manage user credentials from one place with single sign-on for Enterprise customers.

Custom session timeouts

Secure Enterprise sessions with custom session timeouts. 

Asset protection
Data encryption

To help protect from attacks, eavesdropping, and session hijacking, we encrypt all data in transit using Hypertext Transfer Protocol Secure (HTTPS) and enforce HTTP Strict Transport Security (HSTS).

Malware & spam protection

We use machine learning to protect users against malicious behavior. Messages and attachments are scanned for viruses and other malware prior to you downloading them.

Confidentiality and IP rights

Enter into an agreement concerning confidentiality and intellectual property rights that works for you and your talent, or use our Optional Service Contract Terms, or tweak them to your needs, so the rights transfer at the time of payment. 

Upwork meets stringent privacy and security industry certifications. We also view compliance with privacy laws as an opportunity to demonstrate our commitment to keeping customer data private and safe. Read more about how Upwork collects, uses, shares, and manages personal information in our privacy policy.

Certifications
SOC 2 Type 2

Upwork's SOC 2 Type 2 certification attests to our Security, Confidentiality, and Availability controls in place in accordance with the AICPA Trust Service Criteria certification.

PCI DSS

We maintain PCI DSS Level 2 compliance for organizations accepting or processing payment transactions, and for software developers and manufacturers of applications and devices used in those transactions. 

ISO 27001 & 27018

Upwork has achieved ISO 27001 & ISO 27018 certifications demonstrating our commitment to the highest level of trust. We have shown our ability to comply with the most stringent international standards and reaffirm the importance of data and privacy protection.

Regulatory compliance
GDPR adherence

Our legal and information security teams have carefully analyzed the General Data Protection Regulation (GDPR) and have undertaken the necessary steps to ensure compliance. 

CCPA adherence

We are compliant with the California Consumer Privacy Act (CCPA), the most stringent data privacy law in the United States. 

Anti-money laundering

We have voluntarily implemented a robust Anti-Money Laundering Program and have a highly trained team dedicated to preventing illicit use

Upwork operates an enterprise-wide information security risk management program that incorporates a variety of tools and resources to efficiently and effectively identify and remediate security vulnerabilities.

Information security management system (ISMS)

Our Information Security Management System (ISMS) defines the overall security functions at Upwork. Our ISMS outlines the roles and responsibilities of all our employees to help protect the confidentiality, integrity, and availability of the platform. Information Security & Privacy training is an essential element for all Upwork team members.

Architecture

We design controls and maintain our platform to optimize for security, availability, and performance. We utilize security by design principles to ensure controls are baked into our platform and that we utilize all appropriate infrastructure and programmatic controls.

Reporting a concern

Upwork’s Bug Bounty Program invites researchers to test Upwork’s platform with the goal of ensuring our customers are using a secure platform that's tested by the security community.

If you believe you’ve discovered a potential security vulnerability on Upwork, please email us while following the Guidelines for Responsible Disclosure
 

See how we protect your data

Request a demo