Skip to main contentFreight Trust

Security and Data Protection

Security and Data Protection
General Contact
Request Information
E-Mail
corporate@freighttrust.com
Terms of Service

Data Breach Response Policy

priority point of contact: sam@freighttrust.com

Incident Response Plan Software Defects Smart Contract Monitoring General Security Procedures

Responsible Disclosure

Any parties who suspect a vulnerability or data breach should send an encrypted email to:

sam bacha sam@freighttrust.com operations corporate@freighttrust.com

PGP Keys

Corporate PKI/PGP can always be found via github/freight-trust/pki

Fingerprint 6F6EB43E

Sensitive Data

The following is data that Freight Trust stores and considers sensitive. If any such data becomes accessible to an unauthenticated / unauthorized user, that will be considered a Data Breach:

Private repository contents (i.e. source code), whole or in “diff” form Private user email addresses Any secrets or tokens which grant access to the above

NOTE: Repository names, commit shas, Pull Request numbers, Pull Request descriptions, and GitHub user or organization names are not considered sensitive for the purposes of this response policy.

Expectations In the event of a Data Breach,

All running services will be stopped to prevent further access Impacted users will be notified by email within 24 hours, security@github.com will be notified within 24 hours, along with any other vendors that may be affected.

Non-Data-Breach Vulnerabilities

Freight Trust routinely monitors for patched vulnerabilities in the software and infrastructure it depends on. Most such vulnerabilities are not at risk of causing a Data Breach. In such cases, they will be patched without user-notification or data-breach response activities. These are published in our RSS Feed.

Contact us

FreightTrust and Clearing Corporation