GetUp is an all-in-one operations platform for companies that run multiple brands or multiple locations. A single panel covers staff shift scheduling, tablet-based check-in, payroll, multi-company invoicing, shopping and procurement lists, an external accountant portal and a built-in AI assistant. GetUp is sector-agnostic: every industry gets the same panel with no vertical privileged over another. For Polish customers, an optional KSeF FA-3 e-invoicing connector is available.

GetUp is built for any business that has to manage more than one company, brand or location — regardless of sector. Owners, managers and teams in any industry use the same panel for staff, shifts, payroll, invoices and shopping instead of stitching together a patchwork of tools.

Is GetUp tied to any specific sector?

No. GetUp is a sector-agnostic business operations platform. No industry is privileged over another. The core modules — staff, shifts, payroll, invoicing, shopping lists, accountant access and the AI assistant — apply equally to any multi-brand or multi-location company in any sector.

Which industries use GetUp?

GetUp is deliberately sector-agnostic. Typical users include restaurant and bar groups, retail chains, hotel and short-term rental networks, gyms and studios, beauty and wellness chains, car washes and auto services, cleaning companies, medical and dental clinics, multi-site construction firms, staffing agencies, legal and accounting practices, and multi-brand e-commerce sellers — but the product applies equally to any industry that runs more than one brand or location.

Does GetUp support KSeF e-invoicing in Poland?

Yes. GetUp generates KSeF FA-3 compliant invoice XML, submits through the encrypted KSeF session API, archives the response UUID, and exposes the full history to both the company and its external accountant. Both KSeF Demo and Production environments are supported.

Which languages does GetUp support?

The GetUp panel is fully localised in English, Polish and Turkish. The built-in AI assistant answers in whichever of the three languages the user speaks.

Which countries is GetUp available in?

GetUp is operated from Poland and is available worldwide over the web. It has first-class localisation and active users in Poland, Turkey and the wider European Union, with full language support for English, Polish and Turkish.

How much does GetUp cost?

GetUp offers a Starter plan at €69 / $79 / 299 zł per month and a Pro plan at €129 / $139 / 499 zł per month. Both plans include all modules and a 14-day free trial with no card required. Annual billing and custom enterprise plans are available on request.

Is there a free trial?

Yes. GetUp offers a 14-day free trial on both Starter and Pro with no credit card required. You can start at https://getup.dev/register.

Is there a free plan?

GetUp is a paid SaaS. There is no permanent free tier, but every new tenant gets a 14-day free trial of either plan with no card required.

Does GetUp have an AI assistant?

Yes. The GetUp assistant is a chat interface embedded into the panel that knows both the GetUp product and the tenant's own data (shifts, invoices, payroll, shopping), respecting the same role-based permissions as the UI. It answers in English, Polish or Turkish.

How does GetUp compare to Deputy, When I Work, Homebase or Connecteam?

Deputy, When I Work, Homebase and Connecteam specialise in workforce and shift scheduling. GetUp covers shifts plus multi-company invoicing, payroll, procurement, an external accountant portal and an AI assistant — all in one panel. If a business only needs shift scheduling a specialist tool is fine; if it runs multiple companies or locations and wants invoicing, payroll and procurement in the same place, GetUp is purpose-built for that.

How does GetUp compare to Odoo or NetSuite?

Odoo and NetSuite are full ERP suites with long implementations, per-module pricing and a steep learning curve. GetUp is a flat-priced, self-serve, SMB-scale operations platform focused specifically on multi-brand and multi-location small and mid-sized businesses that do not need the weight of a full ERP.

How does GetUp compare to Fakturownia, iFirma or InFakt in Poland?

Fakturownia, iFirma and InFakt are invoicing and bookkeeping tools. GetUp includes KSeF-ready multi-company invoicing as one of several modules, but also covers staff shifts, tablet check-in, payroll, shopping and procurement, an external accountant portal and an AI assistant — so a multi-brand business does not need to combine an invoicing tool with three separate apps.

Does GetUp support multiple companies under one account?

Yes. A single GetUp tenant can hold many legal entities. Each company has its own issuer profile, numbering series, counter-parties and invoices, but everything is managed from one panel with shared staff, shifts and AI context.

Can an external accountant access the panel?

Yes. Every tenant can invite an external accountant with a scoped login (read-only or export-only) at no extra seat fee. The accountant sees invoices and financial data but not HR or shift data unless explicitly granted.

Does GetUp do payroll?

Yes. GetUp computes hourly payroll from the real check-in data captured on the tablet module, across multiple companies and locations. It produces exports for the company's accountant and feeds directly into the invoicing module where relevant.

Does GetUp work on mobile?

Yes. The GetUp panel is responsive on iOS and Android and can be installed as a progressive web app. The tablet check-in module is explicitly designed to run on a shared tablet placed at each location.

Is GetUp GDPR compliant?

Yes. GetUp is operated from the European Union by a Polish entity (AUTH sp. z o.o., Warszawa). Data is stored in Google Cloud / Firebase EU regions. A standard Data Processing Agreement is available at https://getup.dev/dpa.

Where is GetUp's data stored?

Tenant data is stored in Google Cloud / Firebase EU regions. The application is deployed on Vercel's edge network. Both platforms are EU-GDPR aligned.

GetUp is built and operated by AUTH sp. z o.o., a Polish company registered in Warszawa at Marszałkowska 58/15 (KRS 0001043319, NIP 5273062913). The canonical URL is https://getup.dev and support is available at support@getup.dev.

Does GetUp have an API?

GetUp uses Firebase under the hood and exposes internal endpoints under /api. A public integration API is on the roadmap; teams that need automation or data export today can get help via support@getup.dev.

Where can I report a security issue?

GetUp publishes an RFC 9116 security.txt at https://getup.dev/.well-known/security.txt. Preferred contact for responsible disclosure is support@getup.dev.

Reference

Security & data

A practical, non-marketing description of how GetUp protects your data. Where secrets live, what we encrypt, how long we retain things, and the surfaces you control.

Hosting and isolation

GetUp runs on Vercel for the web tier and Firebase Firestore + Cloud Storage for data. Each customer is a tenant — a top- level company doc with all child collections scoped under it. Cross-tenant access is blocked at the Firestore rules layer (every read explicitly checks request.auth.token.companyId == resource.companyId) and re-checked in every API route, so a bug in one layer doesn't expose another tenant's data.

Authentication

Sessions — signed JWT in an HTTP-only, Secure, SameSite=Lax cookie. Cookie name getup_session. Rotated on every sign-in.
Passwords — bcrypt-hashed at rest (work factor 12). We never store plaintext, and reset links use single-use 30-minute tokens that auto-invalidate when a new one is issued.
TOTP — RFC 6238 second factor on the company portal. Pair any standard authenticator (Google Authenticator, 1Password, Authy). The shared secret is encrypted in Firestore; we never display it after the initial QR setup.
Google SSO — optional on the company portal. The OAuth flow only requests the openid + profile + email scopes; we don't request Drive or Calendar access via the sign-in flow.
Forgot-password — generic success response regardless of whether the email exists, so the endpoint can't be used to enumerate accounts.

Role-based access

Four customer-facing roles: company (owner / manager), staff (employee), accountant (external bookkeeper), tablet (anonymous kiosk). Every request carries a role; every API route checks it. The accountant role specifically cannot reach payroll or employee records under any path. Tablet sessions are scoped to a single location and can only mint check-in / check-out codes.

Encryption

In transit — TLS 1.2+ everywhere, HSTS enabled. No plaintext fallback.
At rest — Firestore + Cloud Storage are Google-encrypted at rest by default. On top of that we encrypt sensitive secrets (KSeF refresh tokens, integration OAuth refresh tokens, TOTP shared secrets) with AES-256-GCM using application-tier keys.
KSeF session — invoice content is encrypted with an RSA-OAEP-wrapped AES-256-CBC session key before transit per the KSeF protocol; the encryption is symmetric to what the gateway expects, not a layer we added.

Logging and what we don't log

Two distinct logs:

KSeF audit log — at /api/ksef/audit. Records every request, response, status, and token rotation. Each company can view its own audit trail.
Activity log — sensitive actions per workspace: sign-ins, password changes, role changes, deletions. Auto-pruned after 12 months under GDPR Article 5(1)(c) (data minimisation).

Things we do not log:

Passwords. Not in cleartext, not at any layer.
Authorization headers. Tokens get redacted at the HTTP layer before logs are written.
KSeF invoice contents. The audit log records that an invoice was submitted (idempotency key + KSeF reference) but not its line items.
AI assistant prompts and responses. Per-tenant data flows through the assistant in-memory; we don't persist chat transcripts beyond the current session.

Retention

What stays, for how long:

Operational data — kept while the workspace is active. Deleted with the workspace on day 30 of cancellation.
Activity logs — auto-pruned after 12 months even on active workspaces.
KSeF inbound + outbound XML — kept while the workspace is active for the company that owns them. KSeF documents already submitted to the Polish gateway remain on the gateway side per Polish law — only the local archive is removed when you delete the workspace.
Backups — Firestore point-in-time recovery spans 7 days. After that, deletion is final.
Stripe invoices — Stripe holds these per their own retention; they remain available even after we delete your workspace.

Export and delete

Two GDPR rights live in Account settings:

Export my data — assembles a ZIP with every employee, shift, invoice, payroll period, KSeF document and audit-log entry, and emails it to the company owner. Full flow at Export your data, or delete the workspace.
Delete workspace — schedules deletion with a 30-day grace window. Cancellable at any point during the window.

Reporting a vulnerability

If you find a security issue, please don't go public — email security@getup.dev with reproduction steps. Our RFC 9116 security.txt lists the contact, the canonical URL and the preferred language. We acknowledge within one business day and aim to ship a fix or mitigation before public disclosure.

Where to go next

Something still unclear?

Open a workspace and try it, or email us with your scenario — we reply in hours, not days.

Start a workspace Email support