Skip to main contentFreight Trust

Security and Data Protection

Security and Data Protection
General ContactE-MailTerms of Service

Data Breach Response Policy

priority point of contact:

Responsible Disclosure

Any parties who suspect a vulnerability or data breach should send an encrypted email to:

PGP Keys

Corporate PKI/PGP can always be found via github/freight-trust/pki

Sensitive Data

The following is data that Freight Trust stores and considers sensitive. If any such data becomes accessible to an unauthenticated / unauthorized user, that will be considered a Data Breach:

Private repository contents (i.e. source code), whole or in “diff” form Private user email addresses Any secrets or tokens which grant access to the above

NOTE: Repository names, commit shas, Pull Request numbers, Pull Request descriptions, and GitHub user or organization names are not considered sensitive for the purposes of this response policy.

Expectations In the event of a Data Breach,

All running services will be stopped to prevent further access Impacted users will be notified by email within 24 hours, will be notified within 24 hours, along with any other vendors that may be affected.

Non-Data-Breach Vulnerabilities

Freight Trust routinely monitors for patched vulnerabilities in the software and infrastructure it depends on. Most such vulnerabilities are not at risk of causing a Data Breach. In such cases, they will be patched without user-notification or data-breach response activities. These are published in our RSS Feed.

Contact us

FreightTrust and Clearing Corporation Phone: (+1)628 221 5916