Gupi Mobile — Connecting Together

Security

Last updated: 1 May 2025

Protecting your account and personal data is a core priority at Gupi Mobile. This page explains the security measures we have in place and what you can do to keep your account safe.

How We Protect Your Data

Encryption in transit

All traffic between your browser or app and our servers is encrypted using TLS 1.2 or higher. We enforce HTTPS across all endpoints — unencrypted connections are automatically redirected.

Encryption at rest

Sensitive data in our database, including personal details and call records, is stored on encrypted volumes. Passwords are never stored in plain text — we use bcrypt hashing with a per-user salt.

Payment security

We do not store credit or debit card numbers. All payments are processed by Stripe, a PCI-DSS Level 1 certified payment processor. We store only a Stripe customer reference and the last 4 digits of your card for display purposes.

Two-factor verification

When you log in from a new device, we send a one-time passcode (OTP) to your registered email address. This protects your account even if your password is compromised. SIM linking also requires OTP verification sent to the physical SIM.

Infrastructure security

Our platform runs on AWS infrastructure in the UK (eu-west-2). Access to production systems is restricted to authorised personnel using multi-factor authentication. We conduct regular security reviews of our codebase and infrastructure.

Rate limiting and brute-force protection

Login attempts, OTP submissions, and API calls are rate-limited to protect against automated attacks. Accounts are temporarily locked after repeated failed attempts.

How to Keep Your Account Safe

  • Use a strong, unique password — at least 8 characters, mixing letters and numbers.
  • Never share your password or OTP codes with anyone, including Gupi support staff.
  • Log out of your account when using shared or public devices.
  • Keep your registered email address up to date so you can receive OTPs.
  • Contact us immediately if you suspect your account has been accessed without permission.

Reporting a Security Issue

If you discover a security vulnerability in our platform, please report it responsibly to [email protected] with "Security Disclosure" in the subject line. We take all reports seriously and will investigate promptly. Please do not exploit or publicly disclose vulnerabilities before we have had a chance to address them.

Contact

For security-related enquiries: [email protected]

← Back to Gupi Mobile