Upside Down Research, LLC · Est. MMXXIII A little different look at the world
Security policy

Security

Overview

Tupshar uses standard security practices:

  • HTTPS/TLS — All connections encrypted
  • Bearer tokens — API keys with Argon2id hashing
  • Tenant isolation — Each key gets an isolated database partition
  • Rate limiting — Protection against abuse
  • Input validation — All requests validated

API Key Security

Your API key is sensitive.

  • Store in environment variables, not in code
  • Rotate regularly (preview keys expire 180 days after creation)
  • Never commit to version control
  • Never share publicly

Lost a key? Email us immediately: paul@upside-down-research.com

HTTPS & TLS

All connections to https://api.tupshar.housecarl.cloud are encrypted with TLS 1.3.
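A client-side sketch of the key-handling and TLS points above, added here as an example and not Tupshar's own code. The variable name TUPSHAR_API_KEY and all function names are assumptions; the page names only the host, bearer tokens and TLS 1.3, so no endpoint paths appear.

```python
import os
import ssl
import urllib.request
from urllib.parse import urlsplit

API_HOST = "api.tupshar.housecarl.cloud"  # host named on this page
KEY_ENV_VAR = "TUPSHAR_API_KEY"           # assumed name, not from the page


def load_api_key(env=os.environ):
    """Read the key from the environment; fail closed if it is absent."""
    key = env.get(KEY_ENV_VAR, "").strip()
    if not key:
        raise RuntimeError(f"{KEY_ENV_VAR} is not set")
    return key


def tls13_context():
    """Certificate-verifying context that refuses anything below TLS 1.3."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3
    return ctx


def build_request(url, key):
    """Attach the bearer token only to https URLs on the API host."""
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname != API_HOST:
        raise ValueError("refusing to send the API key to this URL")
    return urllib.request.Request(url, headers={"Authorization": f"Bearer {key}"})


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """urllib would replay the Authorization header on a redirect; refuse instead."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # the 3xx response surfaces as an HTTPError


def open_url(url, key, timeout=10):
    """Send the request over TLS 1.3 only, without following redirects."""
    opener = urllib.request.build_opener(
        urllib.request.HTTPSHandler(context=tls13_context()), NoRedirect())
    return opener.open(build_request(url, key), timeout=timeout)
```
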

Tenant Isolation

Each API key owns an isolated logical partition (scoped by its owner_key_id). A key can only ever read its own documents — your data is invisible to other keys.

Audit Considerations

Tupshar is research preview software. If you process sensitive data:

  • Data residency — Data is stored in upside-down-research.com infrastructure
  • Backup retention — Determined by database policies
  • Audit logs — Limited in v1; planned for production
  • Compliance — No SOC2, HIPAA, or regulatory certifications yet

Known Limitations

  • Single-replica database — No redundancy in preview
  • Unverified email signup — No email verification in v1
  • No encryption at rest — Database encryption planned for v2
  • Limited audit trail — Audit logging is planned

Security Posture

Security is a priority, and we apply standard secure-development practices throughout. Tupshar is research-preview software — it has not undergone a formal third-party security audit. Do not store sensitive, regulated, or production-critical data in the preview service.

If you discover a security issue, please report it privately (see below) rather than waiting for a completed audit to surface it.

Reporting Vulnerabilities

Found a security issue?

Do not open a public issue. Email: security@upside-down-research.com

Include:

  • Description of the issue
  • Steps to reproduce
  • Potential impact

We'll investigate and coordinate a fix with you privately.

Privacy

See Privacy Policy for data handling details.