// Trust & Security Report

    Flyp Technologies Inc. d/b/a Uberflip (a PathFactory company) logo

    Flyp Technologies Inc. d/b/a Uberflip (a PathFactory company)

    B2B Content Experience Platform (content hubs, Digital Sales Rooms, ABM/sales enablement)

    Certifications held

    3

    Maturity

    Enterprise

    Trains on your data

    No

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type II
    HELD

    Uberflip is SOC2 Type II compliant and can provide a third-party attestation report.

    Verify on hub.uberflip.com
    PIPEDA (Canada)
    HELD

    Uberflip is a Canadian company and complies with the Personal Information Protection and Electronic Documents Act (PIPEDA).

    Verify on hub.uberflip.com
    HIPAA
    HELD
    > Show 1 unconfirmed / not-held certifications
    ISO 27001
    NOT CONFIRMED

    Amazon provides an extensive list of compliance and regulatory assurances, including SOC 3 and ISO 27001.

    source: hub.uberflip.com

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Offered

    Data region

    Canada (AWS ca-central-1); analytics data kept under Uberflip's control and sent to sub-processors via TLS

    Uberflip is a B2B content experience platform and acts as a data processor for customer data. It is not an LLM/AI-model vendor and there is no evidence it trains AI models on customer or audience data. The privacy/GDPR pages state analytics data is 'used internally to enhance the performance of Uberflip' on an 'aggregated and anonymized basis and will never be sold.' Customer-provided personal data is processed only to deliver the Services and not used for other purposes.

    // Security controls

    Encryption at rest

    AES 256-bit encryption for customer data in production and at rest

    hub.uberflip.com

    Encryption in transit

    TLS for data transfer to MAP APIs and to sub-processors

    uberflip.com

    Password storage

    User passwords hashed with SHA-256 and cannot be decrypted

    hub.uberflip.com

    Penetration testing

    Independent third-party penetration testing conducted at least annually

    hub.uberflip.com

    Vulnerability scanning

    Third-party network vulnerability scans at least annually

    hub.uberflip.com

    Access controls

    Infrastructure accessible only via SSL VPN with multi-factor authentication and individual SSH keys

    hub.uberflip.com

    Breach/vulnerability notification

    Customers notified within 48 hours of a confirmed security vulnerability

    hub.uberflip.com

    Bug bounty program

    No public HackerOne or Bugcrowd program found

    hub.uberflip.com

    Hosting

    Amazon Web Services (AWS), ca-central-1 (Canada)

    hub.uberflip.com

    Data Protection Officer

    Dedicated DPO and team for handling data-subject requests

    uberflip.com

    // Products & data scope

    Uberflip Content Experience Platform (Hubs)B2B content marketing / content hubs

    data: Hosts customer marketing content and collects Audience Member engagement data (IP, user-agent, analytics, optional CTA/form data passed to the customer's Marketing Automation Platform). Uberflip is the data processor; customer is the controller.

    Device fingerprinting limited to IP and user-agent, hashed/salted at most every 30 days so visitors are not personally identified.

    Digital Sales Rooms / Sales EnablementSales engagement

    data: Personalized 1:1 sales microsites; same processor model, scoped to sales rep and target-account engagement data.

    Marketing-approved rooms created by reps; same underlying platform data controls.

    Uberflip account / website (controller scope)Corporate marketing site & accounts

    data: For its own prospects, account holders, and job applicants, Uberflip acts as controller and collects name, business contact info, payment card info, and credentials.

    Marketing-list opt-out available; transactional/account messages may continue.

    // What to watch

    • Primary security disclosures live in a vendor blog post (hub.uberflip.com), not a continuously maintained public security/trust page; an Aptible/Conveyor trust center exists at trust.aptible.com/uberflip.com but is gated/JS-rendered and could not be scraped for live document listings.
    • SOC 2 Type II is self-attested on the vendor blog; the actual attestation report is available on request (under NDA), not publicly downloadable.
    • ISO 27001 is held by AWS (the host), not by Uberflip itself - do not list Uberflip as ISO 27001 certified.
    • Uberflip was acquired by PathFactory; published privacy policy was last updated Jan 2023 and security blog content predates the acquisition, so some details may have shifted post-acquisition. Worth re-confirming under the combined PathFactory/Uberflip trust program.
    • No public bug-bounty program (HackerOne/Bugcrowd) identified.

    // At a glance

    Pricing model

    Subscription / annual contract (B2B SaaS, sales-led; demo and free product tour offered, no public pricing)

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Flyp Technologies Inc. d/b/a Uberflip (a PathFactory company)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    trust.aptible.com

    > Browse all vendor trust reports