Security
How we protect your data and how to report vulnerabilities.
Leverdocs takes the security of our systems and data seriously. We welcome responsible disclosure of security vulnerabilities from security researchers, customers, and the general public.
Leverdocs is certified to ISO/IEC 27001:2022, the international standard for information security management systems. The certification is issued by Global Compliance Certification and accredited by JAS-ANZ.
ISO/IEC 27001:2022
Certificate 1684-I-1
- Standard
- ISO/IEC 27001:2022
- Certificate number
- 1684-I-1
- Issued
- 24 April 2026
- Valid through
- 23 April 2029
- Certifying body
- Global Compliance Certification
- Accreditation
- JAS-ANZ
- Statement of Applicability
- 11 March 2026
- Scope
- The information security management system for the provision of an AI document generator. (virtual operations)
Please report security vulnerabilities by email to: security@leverdocs.com
In your report, please include:
- A description of the vulnerability and its potential impact
- Steps to reproduce the issue (proof of concept)
- The affected system, URL, or component
- Your contact details so we can follow up
Please do not include sensitive data (e.g., customer data, credentials) in your report. If you need to share sensitive information, we will arrange a secure channel.
This policy applies to vulnerabilities in:
- The Leverdocs web application (leverdocs.com)
- Leverdocs APIs
- Leverdocs infrastructure
This policy does not apply to:
- Social engineering (e.g., phishing) of Leverdocs staff
- Denial of service attacks
- Physical security of Leverdocs premises
- Third-party applications or services that integrate with Leverdocs
| Step | Timeframe |
|---|---|
| Acknowledgement of your report | Within 3 business days |
| Initial assessment and triage | Within 5 business days |
| Status update on remediation progress | Within 15 business days |
| Resolution notification | When the fix is deployed |
- We will not take legal action against individuals who discover and report security vulnerabilities in accordance with this policy
- We will treat your report confidentially and will not share your personal information with third parties without your permission, except as required by law
- We will work with you to understand and resolve the issue promptly
- We will credit you (if you wish) when we disclose the vulnerability
When researching and reporting vulnerabilities, please:
- Do not access, modify, or delete data that does not belong to you
- Do not degrade the performance or availability of our services
- Do not exploit a vulnerability beyond what is necessary to demonstrate it
- Do not disclose the vulnerability publicly until we have had a reasonable opportunity to address it
- Act in good faith and comply with all applicable laws