// Trust & Security Report
Flyp Technologies Inc. d/b/a Uberflip (a PathFactory company)
B2B Content Experience Platform (content hubs, Digital Sales Rooms, ABM/sales enablement)
Certifications held
3
Maturity
Enterprise
Trains on your data
No
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on hub.uberflip.com“Uberflip is SOC2 Type II compliant and can provide a third-party attestation report.”
Verify on hub.uberflip.com“Uberflip is a Canadian company and complies with the Personal Information Protection and Electronic Documents Act (PIPEDA).”
> Show 1 unconfirmed / not-held certifications
source: hub.uberflip.comAmazon provides an extensive list of compliance and regulatory assurances, including SOC 3 and ISO 27001.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Offered
Data region
Canada (AWS ca-central-1); analytics data kept under Uberflip's control and sent to sub-processors via TLS
Uberflip is a B2B content experience platform and acts as a data processor for customer data. It is not an LLM/AI-model vendor and there is no evidence it trains AI models on customer or audience data. The privacy/GDPR pages state analytics data is 'used internally to enhance the performance of Uberflip' on an 'aggregated and anonymized basis and will never be sold.' Customer-provided personal data is processed only to deliver the Services and not used for other purposes.
// Security controls
Encryption at rest
AES 256-bit encryption for customer data in production and at rest
hub.uberflip.comPenetration testing
Independent third-party penetration testing conducted at least annually
hub.uberflip.comAccess controls
Infrastructure accessible only via SSL VPN with multi-factor authentication and individual SSH keys
hub.uberflip.comBreach/vulnerability notification
Customers notified within 48 hours of a confirmed security vulnerability
hub.uberflip.com// Products & data scope
data: Hosts customer marketing content and collects Audience Member engagement data (IP, user-agent, analytics, optional CTA/form data passed to the customer's Marketing Automation Platform). Uberflip is the data processor; customer is the controller.
Device fingerprinting limited to IP and user-agent, hashed/salted at most every 30 days so visitors are not personally identified.
data: Personalized 1:1 sales microsites; same processor model, scoped to sales rep and target-account engagement data.
Marketing-approved rooms created by reps; same underlying platform data controls.
data: For its own prospects, account holders, and job applicants, Uberflip acts as controller and collects name, business contact info, payment card info, and credentials.
Marketing-list opt-out available; transactional/account messages may continue.
// What to watch
- Primary security disclosures live in a vendor blog post (hub.uberflip.com), not a continuously maintained public security/trust page; an Aptible/Conveyor trust center exists at trust.aptible.com/uberflip.com but is gated/JS-rendered and could not be scraped for live document listings.
- SOC 2 Type II is self-attested on the vendor blog; the actual attestation report is available on request (under NDA), not publicly downloadable.
- ISO 27001 is held by AWS (the host), not by Uberflip itself - do not list Uberflip as ISO 27001 certified.
- Uberflip was acquired by PathFactory; published privacy policy was last updated Jan 2023 and security blog content predates the acquisition, so some details may have shifted post-acquisition. Worth re-confirming under the combined PathFactory/Uberflip trust program.
- No public bug-bounty program (HackerOne/Bugcrowd) identified.
// At a glance
Pricing model
Subscription / annual contract (B2B SaaS, sales-led; demo and free product tour offered, no public pricing)
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Flyp Technologies Inc. d/b/a Uberflip (a PathFactory company)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
trust.aptible.com