Security & Vulnerability Disclosure

Last Updated: Jun. 4, 2026

Our Commitment

At Diligent4 we take the security of our platform and the protection of our customers' data seriously. We value the work of security researchers and the broader community in helping us keep our service safe. If you believe you have found a security vulnerability in any Diligent4 product or service, we encourage you to report it to us responsibly.

Reporting a Vulnerability

Please report security vulnerabilities by email to security@diligent4.com. To help us triage and resolve the issue quickly, please include as much of the following as you can:

  • A clear description of the vulnerability and its potential impact
  • Step-by-step instructions to reproduce the issue
  • The affected URL, endpoint, or component
  • Any proof-of-concept code, screenshots, or logs that support your report
  • How you would like to be credited (optional)

What to Expect

When you submit a report, we will do our best to:

  • Acknowledge receipt of your report within 3 business days
  • Provide an initial assessment and triage of the issue within 10 business days
  • Keep you informed of our progress as we work toward a resolution
  • Notify you once the vulnerability has been remediated

Responsible Disclosure Guidelines

To protect our customers and their data while you investigate, we ask that you:

  • Give us a reasonable amount of time to investigate and remediate an issue before publicly disclosing it
  • Make a good-faith effort to avoid privacy violations, data destruction, and interruption or degradation of our services
  • Only interact with accounts you own or have explicit permission to access
  • Do not access, modify, or delete data that does not belong to you
  • Do not perform denial-of-service (DoS) testing, social engineering, spam, or physical attacks against our staff or infrastructure

Safe Harbor

We consider security research and vulnerability disclosure conducted in good faith and in accordance with this policy to be authorized. We will not pursue or support legal action against researchers who comply with these guidelines. If legal action is initiated by a third party against you for activities that were conducted in accordance with this policy, we will make this authorization known.

Contact

For all security-related matters, please contact us at:

Email: security@diligent4.com