Security Statement
This Security Statement describes how Upcube approaches securing Ethen accounts, workspaces, credentials, and operational systems. This statement describes Ethen’s current posture without making unsupported certification or compliance claims.
Security Statement
Upcube designs Ethen so model work can be authenticated, permissioned, inspected, and operated with clear boundaries between platform controls and customer responsibilities. Security is a shared responsibility across Upcube systems, customer configuration, end-user behavior, and third-party providers.
1. Security posture
Ethen security focuses on protecting accounts, workspace content, secrets, administrative actions, and service integrity. Controls may include authentication, authorization, encryption in transit, secret handling pathways, environment separation where implemented, logging, and operational access discipline. This statement describes intended posture and product direction. Exact control implementations can vary by component and maturity. We avoid claiming certifications, audit outcomes, or test results that are not published as verified facts. Customers should evaluate whether the current posture fits their risk tolerance and industry obligations. Security work is continuous. As features ship, threat models and mitigations are revisited. Public pages are updated when material posture descriptions change, but day-to-day engineering hardening may precede documentation updates.
Readers should treat this section as operational guidance for product use and evaluation. Where a control or retention behavior depends on plan, region, provider route, or admin configuration, confirm the live setting in product UI or a written enterprise agreement before relying on a specific outcome. Upcube updates public policy pages when material product posture changes, but customers remain responsible for their internal compliance programs.
- Focus on accounts, content, secrets, and integrity.
- No unsupported certification claims.
- Fit-for-risk evaluation remains customer-owned.
- Security work is continuous.
2. Shared responsibility
Upcube is responsible for securing the systems it operates. Customers are responsible for identity lifecycle, member permissions, device security, key management, prompt hygiene, connected-service scopes, and review of high-impact actions. If a customer enables broad admin access, weak passwords, shared credentials, or over-scoped tokens, residual risk increases regardless of platform controls. Providers selected via platform routing or BYOK apply their own security practices to data they process. A practical enterprise checklist includes: MFA for admins, least-privilege roles, key rotation, integration scope review, approval gates for writes, and an offboarding runbook.
Readers should treat this section as operational guidance for product use and evaluation. Where a control or retention behavior depends on plan, region, provider route, or admin configuration, confirm the live setting in product UI or a written enterprise agreement before relying on a specific outcome. Upcube updates public policy pages when material product posture changes, but customers remain responsible for their internal compliance programs.
- Platform vs customer responsibilities are distinct.
- Customer configuration strongly affects outcomes.
- Providers secure their own environments.
- Operational checklists matter as much as product features.
3. Account access
Access to Ethen should use individual accounts, strong authentication, and session protections provided by the product and identity stack. Customers should enable available multi-factor authentication and rotate credentials after suspected compromise. Service accounts and automation identities should be minimized, monitored, and scoped. Do not embed long-lived secrets in client-side code or public repositories. Upcube may terminate sessions or require re-authentication for security events. Phishing resistance matters: train users not to paste passwords into model prompts or untrusted forms that mimic login.
Readers should treat this section as operational guidance for product use and evaluation. Where a control or retention behavior depends on plan, region, provider route, or admin configuration, confirm the live setting in product UI or a written enterprise agreement before relying on a specific outcome. Upcube updates public policy pages when material product posture changes, but customers remain responsible for their internal compliance programs.
- Prefer individual identities and strong auth.
- Limit automation credentials.
- Sessions may be terminated for security events.
- Phishing resistance is part of account security.
4. Workspace permissions
Workspaces should follow least privilege. Only grant admin rights to people who need them. Separate duties for billing, security settings, key management, and content administration when practical. Review invites, guest access, and abandoned projects. Remove access promptly when people leave. Permission mistakes are a common source of data exposure; treat membership changes as security events. Project-level boundaries can reduce blast radius when a single member account is compromised.
Readers should treat this section as operational guidance for product use and evaluation. Where a control or retention behavior depends on plan, region, provider route, or admin configuration, confirm the live setting in product UI or a written enterprise agreement before relying on a specific outcome. Upcube updates public policy pages when material product posture changes, but customers remain responsible for their internal compliance programs.
- Least privilege for workspace roles.
- Review guests and abandoned projects.
- Offboarding is a security control.
- Project boundaries reduce blast radius.
5. Provider keys and BYOK
Platform and customer-managed keys must be protected. BYOK credentials should be stored in supported secret paths, rotated, and revoked when unused. See the BYOK Data Handling policy for routing and provider-side boundaries. Key leakage can cause data exposure and unexpected provider spend. Monitor unusual usage where tools allow it. Do not share keys in chat prompts. Prefer short-lived credentials or scoped keys when providers offer them.
Readers should treat this section as operational guidance for product use and evaluation. Where a control or retention behavior depends on plan, region, provider route, or admin configuration, confirm the live setting in product UI or a written enterprise agreement before relying on a specific outcome. Upcube updates public policy pages when material product posture changes, but customers remain responsible for their internal compliance programs.
- Protect platform and BYOK secrets.
- Rotate and revoke unused keys.
- Never place keys in ordinary prompts.
- Prefer scoped or short-lived credentials.
6. Connected services
Integrations expand the blast radius of a compromised account. Grant minimal scopes, prefer short-lived tokens where available, and disconnect unused services. State-changing integrations (write access to repos, messages, tickets, cloud resources) should require approval workflows and human review for sensitive operations. Customers must ensure connected systems are authorized for the data they receive. Periodic access reviews should include integration owners and token ages.
Readers should treat this section as operational guidance for product use and evaluation. Where a control or retention behavior depends on plan, region, provider route, or admin configuration, confirm the live setting in product UI or a written enterprise agreement before relying on a specific outcome. Upcube updates public policy pages when material product posture changes, but customers remain responsible for their internal compliance programs.
- Minimize integration scopes.
- Treat write access as high risk.
- Authorize external systems intentionally.
- Review integration owners and token age.
7. Approvals and evidence
Approval packets, receipts, and evidence records help teams inspect risky actions. They improve process security only when humans actually review them. Do not rubber-stamp approvals. Preserve evidence when investigating incidents. Remember evidence features are product tools, not automatic legal certification. Access to evidence should be limited to roles that need it. Define dual-control for production writes and external messaging where risk warrants it.
Readers should treat this section as operational guidance for product use and evaluation. Where a control or retention behavior depends on plan, region, provider route, or admin configuration, confirm the live setting in product UI or a written enterprise agreement before relying on a specific outcome. Upcube updates public policy pages when material product posture changes, but customers remain responsible for their internal compliance programs.
- Approvals need real human review.
- Evidence supports investigations.
- Limit who can access sensitive evidence.
- Dual control for high-risk actions.
8. Logging and monitoring
Operational and security logging may record authentication events, admin changes, errors, route metadata, and abuse signals. Logs are used to operate, secure, and troubleshoot the service. Customers should not expect every model prompt to be absent from all logs if logging is required for reliability or security. Minimize secrets in free text. Log retention follows the Data Retention policy’s security and diagnostics categories. Anomalous usage spikes can indicate compromised keys or runaway automation and should be investigated promptly.
Readers should treat this section as operational guidance for product use and evaluation. Where a control or retention behavior depends on plan, region, provider route, or admin configuration, confirm the live setting in product UI or a written enterprise agreement before relying on a specific outcome. Upcube updates public policy pages when material product posture changes, but customers remain responsible for their internal compliance programs.
- Logs support security and reliability.
- Minimize secrets in log-prone content.
- See retention policy for log categories.
- Investigate anomalous usage spikes.
9. Local and private lanes
Local runtimes shift some execution risk to customer-managed environments. Customers must patch devices, control network exposure, and protect local model artifacts and caches. Local execution does not remove the need to secure Ethen accounts and any remote metadata channels that remain. Validate which parts of a workflow are local versus remote before processing highly sensitive data. Endpoint detection, disk encryption, and least-privilege OS accounts are customer controls that matter in local modes.
Readers should treat this section as operational guidance for product use and evaluation. Where a control or retention behavior depends on plan, region, provider route, or admin configuration, confirm the live setting in product UI or a written enterprise agreement before relying on a specific outcome. Upcube updates public policy pages when material product posture changes, but customers remain responsible for their internal compliance programs.
- Local lanes increase customer environment responsibility.
- Accounts and metadata may still be remote.
- Map local vs remote paths explicitly.
- Endpoint hardening is customer-owned.
10. Vulnerability reporting
If you believe you found a security vulnerability in Ethen, report it through published security or support channels with enough detail to reproduce the issue. Do not exploit vulnerabilities beyond what is necessary to demonstrate them, and do not access other customers’ data. Good-faith reports help improve the product. Unauthorized attacks, spam scanning that degrades service, or public dump of exploit details before coordination may violate the Acceptable Use Policy and law. We may prioritize reports based on severity and impact. Include affected URLs, timestamps, and clear reproduction steps when possible.
Readers should treat this section as operational guidance for product use and evaluation. Where a control or retention behavior depends on plan, region, provider route, or admin configuration, confirm the live setting in product UI or a written enterprise agreement before relying on a specific outcome. Upcube updates public policy pages when material product posture changes, but customers remain responsible for their internal compliance programs.
- Report vulnerabilities through published channels.
- Avoid accessing other tenants’ data.
- Good-faith coordinated disclosure is preferred.
- Include reproduction detail.
11. Incident communication
If Upcube confirms a security incident affecting customer personal data or workspace content in a way that requires notice under applicable law or contract, we will notify affected customers through reasonable available channels and describe known impact and response steps as information becomes reliable. Not every anomaly is an incident. Investigation quality matters more than premature public claims. Customers should maintain current admin contact details so notices can be delivered. Customer-side incidents (lost laptops, leaked BYOK keys, malicious insiders) remain customer-owned to investigate and remediate, with Upcube support where product logs help.
Readers should treat this section as operational guidance for product use and evaluation. Where a control or retention behavior depends on plan, region, provider route, or admin configuration, confirm the live setting in product UI or a written enterprise agreement before relying on a specific outcome. Upcube updates public policy pages when material product posture changes, but customers remain responsible for their internal compliance programs.
- Legal/contractual notices follow confirmed incidents.
- Investigations precede definitive statements.
- Keep admin contacts current.
- Customer-side incidents remain customer-owned.
12. Enterprise controls
Enterprise customers may require additional administrative controls, questionnaire responses, or contractual security terms. Available controls depend on product maturity and plan. This public statement does not invent enterprise features that are not generally available. See the Enterprise Security page for procurement-oriented guidance and boundaries. Verified answers should be preferred over marketing language in security reviews. Roadmap items should be labeled as roadmap, not as present-tense controls.
Readers should treat this section as operational guidance for product use and evaluation. Where a control or retention behavior depends on plan, region, provider route, or admin configuration, confirm the live setting in product UI or a written enterprise agreement before relying on a specific outcome. Upcube updates public policy pages when material product posture changes, but customers remain responsible for their internal compliance programs.
- Enterprise needs may require written agreements.
- Only verified controls should be claimed.
- See Enterprise Security page.
- Do not present roadmap as shipped.
13. Limitations
No online service can guarantee perfect security. Encryption, access control, and monitoring reduce risk but cannot eliminate it. Third-party providers, user devices, and misconfiguration introduce additional residual risk. This page does not claim SOC 2, ISO 27001, HIPAA, PCI, continuous penetration testing, or uptime SLAs. If such artifacts become available and are intended for customer sharing, they will be provided through appropriate channels rather than implied here. Evaluate residual risk before processing regulated or highly sensitive data. Security is risk management, not zero-risk theater.
Readers should treat this section as operational guidance for product use and evaluation. Where a control or retention behavior depends on plan, region, provider route, or admin configuration, confirm the live setting in product UI or a written enterprise agreement before relying on a specific outcome. Upcube updates public policy pages when material product posture changes, but customers remain responsible for their internal compliance programs.
- Perfect security is not claimed.
- No unsupported compliance badges.
- Residual risk evaluation is required.
- Risk management over zero-risk claims.
14. Related policies
Read this statement with the Privacy Policy, Data Retention policy, BYOK Data Handling policy, Acceptable Use Policy, Terms of Service, and Enterprise Security page. Security expectations for voice features appear in Voice Consent and Voice Cloning policies where relevant. Policy updates may occur as the security program and product evolve. For security questions, use published contact channels rather than informal social messages that cannot be verified.
Readers should treat this section as operational guidance for product use and evaluation. Where a control or retention behavior depends on plan, region, provider route, or admin configuration, confirm the live setting in product UI or a written enterprise agreement before relying on a specific outcome. Upcube updates public policy pages when material product posture changes, but customers remain responsible for their internal compliance programs.
- Related policies complete the security picture.
- Voice features have additional guidance.
- Updates will track product evolution.
- Use published contact channels.
15. Practical hardening checklist
For teams deploying Ethen, a practical baseline includes: unique user accounts; MFA for admins; least-privilege roles; short-lived or scoped keys; no secrets in prompts; staged integrations before production write scopes; approval gates for state-changing automation; offboarding checklists; and a known vulnerability reporting path.
Document approved model providers and data classes. Review workspace membership monthly for early deployments. Monitor provider spend for BYOK anomalies that can signal leakage or runaway jobs.
This checklist is guidance, not a certification criterion. Your industry may require additional controls, contractual terms, or alternative vendors for certain data classes.
Revisit the checklist when enabling new surfaces such as voice, browser tools, or external write integrations.
- Baseline hygiene reduces common failure modes.
- Provider allowlists and data classes should be explicit.
- Checklists are guidance, not certification.
- Revisit controls when new high-risk surfaces ship.
How to read this statement
This page is a public security overview for product evaluation and transparency. It is not a certification report, penetration-test letter, or insurance document. Enterprise customers may receive additional detail through questionnaires and written agreements where appropriate.
- Public overview: High-level posture, not unverified control claims.
- Shared model: Customer configuration is part of security outcomes.
- Provider paths: Model and tool providers have their own security practices.
- Reporting path: Vulnerabilities should be reported through published channels.
Policy status
This Security Statement is public posture text without certification or audit-report claims.
- Shared responsibility: Platform and customer duties are both described.
- No fake badges: Unsupported compliance claims are avoided.
- Reporting path: Vulnerabilities should be reported responsibly.
- Enterprise path: Deeper review may use questionnaires and contracts.
Not legal advice
These pages explain product and policy posture for Upcube / Ethen. They are not legal advice and do not replace counsel for your jurisdiction, industry, or use case.
Evidence and claim boundaries
This statement describes Ethen’s current posture without making unsupported certification or compliance claims. Configuration, provider selection, and enterprise agreements can change data paths and controls.
- No certification claim: No SOC 2, ISO 27001, HIPAA, PCI, or penetration-test guarantee is claimed here.
- Shared responsibility: Customers control members, keys, devices, and integrations.
- Provider-dependent paths: Third-party providers apply their own security practices.
- Continuous change: Controls evolve; public pages avoid frozen false guarantees.
Related security reading
Security connects to enterprise evaluation, privacy, BYOK, and retention.
Related policies
- Terms of Service
Account and workspace rules.
- Privacy Policy
Data categories and rights.
- Data Retention
Retention categories.
- BYOK Data Handling
Customer keys and provider paths.
- Enterprise Security
Enterprise security evaluation overview.
- Security Statement
Security posture overview.
- Acceptable Use Policy
Prohibited uses.
- Cookie Policy
Cookies and storage.
Frequently asked questions
Is Ethen SOC 2 certified according to this page?
This page does not claim SOC 2 or similar certification. Ask enterprise channels for any verified artifacts that may exist separately.
Who secures BYOK keys?
Customers primarily secure and rotate keys they supply. Upcube provides product pathways for configuration and storage where implemented.
How do I report a vulnerability?
Use published security or support contact channels with reproduction detail, and avoid accessing other customers’ data.
Does local mode make Ethen fully offline-secure?
Local execution can reduce some remote model transmission, but accounts, metadata, and mixed workflows may still involve remote components.
Security Statement · Ethen by Upcube