UpState Community Press (“we,” “our,” “us”) is committed to safeguarding the security, integrity, and confidentiality of all information collected, stored, or processed through our website and digital systems. This Security Policy outlines the measures we take to protect data, prevent unauthorized access, and maintain reliable operations.

This policy applies to:

  • Our website and digital platforms
  • Our employees, contractors, and contributors
  • Any third-party vendors handling data on our behalf

1. Security Objectives

Our core security goals are:

  • Confidentiality: Ensuring data is accessible only to authorized users
  • Integrity: Preventing unauthorized modification of data
  • Availability: Keeping our services and information accessible and fully functional

2. Data Security Measures

2.1 Encryption

We use encryption to protect data in transit and at rest:

  • HTTPS/TLS encryption is enforced for all website traffic
  • Sensitive access credentials are encrypted using industry-standard methods
  • Third-party tools (hosting, forms, analytics) are required to use encrypted connections

2.2 Data Storage

We store information only with reputable, secure, industry-standard service providers that follow recognized security best practices.

We avoid storing unnecessary personally identifiable information (PII).

2.3 Access Controls

Access to data is restricted based on role and necessity:

  • Only authorized team members may access administrative systems
  • Accounts use secure passwords and recommended authentication methods
  • Access is revoked promptly for former staff or contributors

We do not store credit card information or highly sensitive personal data on our servers.

2.4 Administrative Safeguards

We implement:

  • Least-privilege access practices
  • Logging of administrative actions
  • Periodic password updates
  • Internal review of security practices

3. Website & Infrastructure Security

3.1 Hosting Security

Our website is hosted on secure, industry-standard infrastructure that includes:

  • Firewall and intrusion prevention systems
  • Malware and virus scanning
  • DDoS mitigation protocols

3.2 Software Updates

We regularly update:

  • Website CMS or framework
  • Plugins, themes, and integrated tools
  • Server environments

Outdated or vulnerable software is removed or patched promptly.

3.3 Network Security

We use:

  • Encrypted connections
  • Secure DNS
  • Protection against brute-force attacks
  • Automated monitoring for suspicious behavior

4. Vendor & Third-Party Services

We rely on trusted third-party vendors for hosting, analytics, email delivery, and content management. Vendors must:

  • Follow industry-standard security practices
  • Maintain compliance with applicable regulations
  • Provide reasonable safeguards for data protection

Examples include:

  • Web hosting providers
  • Email newsletter services
  • Analytics tools (Google Analytics, Meta Pixel)
  • Form submission and content management platforms

We review the security capabilities of third-party tools before integration.

5. Incident Response

5.1 Identification

We monitor activity to detect:

  • Unauthorized access
  • Malware or suspicious activity
  • System vulnerabilities
  • Service outages

5.2 Response

In the event of a security incident, we will:

  1. Investigate to determine the nature and scope
  2. Secure affected systems
  3. Restore normal operations as quickly as possible
  4. Notify affected individuals if required by law
  5. Document the incident and improvements made

5.3 Reporting a Security Issue

Security concerns may be reported to:

security@upstatecommunitypress.com

We appreciate responsible disclosure from users and researchers.

6. Data Breach Protocol

If a breach involving personal data occurs, we will:

  • Contain and stop the breach
  • Assess affected data
  • Notify users when legally required
  • Cooperate with relevant authorities
  • Implement preventative measures to reduce future risk

We follow applicable U.S. state and federal breach notification requirements.

7. User Responsibility

Users are responsible for:

  • Using strong passwords for any account created on our site
  • Keeping login credentials confidential
  • Reporting suspicious activity or compromised accounts

We advise users to avoid sharing sensitive personal information through comment sections or public submissions.

8. Limitations

While we strive to follow best practices, no system can guarantee absolute security. Users engage with our website at their own risk. We encourage safe internet practices and responsible information-sharing.

9. Updates to This Security Policy

We may update this Security Policy from time to time to reflect:

  • Changes in security technology
  • Updates to website features
  • Legal or regulatory requirements
  • Best practice improvements

The “Last Updated” date will reflect revisions.