
At Contractbook, we prioritise the security of our systems. 🔒 
We recognise the importance of collaboration with the security community and value the contributions of third-party researchers in helping us identify vulnerabilities.

Last updated: 31 Jan 2024

Disclosure Policy

1. Scope

This policy outlines our commitment to working with external security researchers, ethical hackers, and individuals who discover and report security weaknesses in our systems.

The policy applies to anyone who discovers potential security vulnerabilities within Contractbook’s digital assets, e.g. websites, applications, and network infrastructure.

2. Reporting Vulnerabilities

If you believe you have discovered a potential vulnerability, please let us know.
security@contractbook.com

We encourage responsible disclosure of any discovered vulnerabilities. If you believe you have found a security issue, we request that you:

  • A. Notify Us Privately: Contact our security team to report security vulnerabilities. Please refrain from publicly disclosing the issue until we have had an opportunity to review and address it.

  • B. Provide Sufficient Details: When reporting a vulnerability, please include as much information as possible to help us understand the nature and potential impact of the issue. This may include steps to reproduce the vulnerability, associated risks, and any relevant evidence.

  • C. Respect User Privacy: In your testing or research, ensure that you do not access, modify, or disclose personal data or confidential information without permission.

Please allow us a reasonable amount of time to resolve the issue before disclosing it to the public or a third party.

Make a good faith effort to avoid violating privacy, destroying data, or interrupting or degrading the Contractbook service. Please only interact with accounts you own or for which you have explicit permission from the account holder.

3. Our Commitment

Upon receiving a report of a security vulnerability, we are committed to the following:

  • A. Timely Response: We will acknowledge the receipt of your report promptly and work diligently to investigate the issue.

  • B. Communication: We will maintain open and transparent communication throughout the resolution process, providing updates on the status and expected timeline for remediation.

  • C. Non-Retaliation: We will not pursue legal action against individuals who report security vulnerabilities in good faith and in accordance with this policy.

Once a vulnerability is confirmed, we will take appropriate measures to address and remediate it. Our goal is to protect our systems and the security of our users and customers.

4. Refrain from

While researching, we ask you to refrain from:

  • A. Network denial of service (DoS or DDoS) tests or other tests that impair system or data access

  • B. Sending unsolicited emails or spam

  • C. Social engineering or phishing of Contractbook employees, clients, or contractors

  • D. Any interference or physical testing against Contractbook's property or data centers (e.g. office access, tailgating)

❤️ Thank you for helping to keep Contractbook and our users safe!

5. Other

We may revise this guideline from time to time. The up-to-date version of the guideline is available on our website.

Contractbook is always open to feedback, questions, and suggestions. If you would like to talk to us, please feel free to email us at security@contractbook.com or reach out in the chat.