Trust, safety, and security
Protecting your data is our top priority
Upwork follows cutting-edge security and privacy best practices designed to provide a secure, reliable, and compliant talent marketplace for businesses of all sizes. See how Upwork can help your business accomplish your goals, worry-free.
We take protecting your data seriously. Our robust infrastructure provides streamlined authentication and asset protection you can trust.
Reduce the risk of unauthorized access with multi-factor verification.
Manage user credentials from one place with single sign-on for Enterprise customers.
Secure Enterprise sessions with custom session timeouts.
To help protect from attacks, eavesdropping, and session hijacking, we encrypt all data in transit using Hypertext Transfer Protocol Secure (HTTPS) and enforce HTTP Strict Transport Security (HSTS).
We use machine learning to protect users against malicious behavior. Messages and attachments are scanned for viruses and other malware prior to you downloading them.
Enter into an agreement concerning confidentiality and intellectual property rights that works for you and your talent, or use our Optional Service Contract Terms, or tweak them to your needs, so the rights transfer at the time of payment.
Upwork meets stringent privacy and security industry certifications. We also view compliance with privacy laws as an opportunity to demonstrate our commitment to keeping customer data private and safe. Read more about how Upwork collects, uses, shares, and manages personal information in our privacy policy.
Upwork's SOC 2 Type 2 certification attests to our Security, Confidentiality, and Availability controls in place in accordance with the AICPA Trust Service Criteria certification.
We maintain PCI DSS Level 2 compliance for organizations accepting or processing payment transactions, and for software developers and manufacturers of applications and devices used in those transactions.
Upwork has achieved ISO 27001 & ISO 27018 certifications demonstrating our commitment to the highest level of trust. We have shown our ability to comply with the most stringent international standards and reaffirm the importance of data and privacy protection.
Our legal and information security teams have carefully analyzed the General Data Protection Regulation (GDPR) and have undertaken the necessary steps to ensure compliance.
We are compliant with the California Consumer Privacy Act (CCPA), the most stringent data privacy law in the United States.
We have voluntarily implemented a robust Anti-Money Laundering Program and have a highly trained team dedicated to preventing illicit use
Upwork operates an enterprise-wide information security risk management program that incorporates a variety of tools and resources to efficiently and effectively identify and remediate security vulnerabilities.
Our Information Security Management System (ISMS) defines the overall security functions at Upwork. Our ISMS outlines the roles and responsibilities of all our employees to help protect the confidentiality, integrity, and availability of the platform. Information Security & Privacy training is an essential element for all Upwork team members.
We design controls and maintain our platform to optimize for security, availability, and performance. We utilize security by design principles to ensure controls are baked into our platform and that we utilize all appropriate infrastructure and programmatic controls.
Upwork’s Bug Bounty Program invites researchers to test Upwork’s platform with the goal of ensuring our customers are using a secure platform that's tested by the security community.
If you believe you’ve discovered a potential security vulnerability on Upwork, please email us while following the Guidelines for Responsible Disclosure.