Security and Data Protection
Data Breach Response Policy
priority point of contact: firstname.lastname@example.org
Any parties who suspect a vulnerability or data breach should send an encrypted email to:
Corporate PKI/PGP can always be found via github/freight-trust/pki
The following is data that Freight Trust stores and considers sensitive. If any such data becomes accessible to an unauthenticated / unauthorized user, that will be considered a Data Breach:
Private repository contents (i.e. source code), whole or in “diff” form Private user email addresses Any secrets or tokens which grant access to the above
NOTE: Repository names, commit shas, Pull Request numbers, Pull Request descriptions, and GitHub user or organization names are not considered sensitive for the purposes of this response policy.
Expectations In the event of a Data Breach,
All running services will be stopped to prevent further access Impacted users will be notified by email within 24 hours, email@example.com will be notified within 24 hours, along with any other vendors that may be affected.
Freight Trust routinely monitors for patched vulnerabilities in the software and infrastructure it depends on. Most such vulnerabilities are not at risk of causing a Data Breach. In such cases, they will be patched without user-notification or data-breach response activities. These are published in our RSS Feed.
FreightTrust and Clearing Corporation
- Phone: (+1)628 221 5916