Security

Please report security vulnerabilities by email to: security@leverdocs.com

In your report, please include:

• A description of the vulnerability and its potential impact
• Steps to reproduce the issue (proof of concept)
• The affected system, URL, or component
• Your contact details so we can follow up

Please do not include sensitive data (e.g., customer data, credentials) in your report. If you need to share sensitive information, we will arrange a secure channel.

This policy applies to vulnerabilities in:

• The Leverdocs web application (leverdocs.com)
• Leverdocs APIs
• Leverdocs infrastructure

This policy does not apply to:

• Social engineering (e.g., phishing) of Leverdocs staff
• Denial of service attacks
• Physical security of Leverdocs premises
• Third-party applications or services that integrate with Leverdocs

• We will not take legal action against individuals who discover and report security vulnerabilities in accordance with this policy
• We will treat your report confidentially and will not share your personal information with third parties without your permission, except as required by law
• We will work with you to understand and resolve the issue promptly
• We will credit you (if you wish) when we disclose the vulnerability

When researching and reporting vulnerabilities, please:

• Do not access, modify, or delete data that does not belong to you
• Do not degrade the performance or availability of our services
• Do not exploit a vulnerability beyond what is necessary to demonstrate it
• Do not disclose the vulnerability publicly until we have had a reasonable opportunity to address it
• Act in good faith and comply with all applicable laws