Security disclosures
At Continual, the security of our platform and customer data is our top priority. This document outlines our policies for responsible vulnerability disclosure and provides instructions on how to report security issues to our team.
Reporting a vulnerability
If you discover a security vulnerability in our platform or services, please report it to us by emailing security@continual.ai. To help us effectively investigate and address the issue, please include the following information in your report:
- A clear and concise description of the vulnerability, written in English.
- Proof-of-concept code or screenshots demonstrating the issue, if available.
- Step-by-step instructions on how you discovered the vulnerability.
- An explanation of the potential impact of the vulnerability and any suggestions for remediation.
We request that you do not publicly disclose any vulnerabilities until 90 days after reporting them to us, to allow sufficient time for our team to investigate and address the issue.
Our commitment to you
When you responsibly report a security vulnerability to Continual, you can expect the following from us:
- An initial response acknowledging receipt of your report within 2 business days.
- Regular updates on our progress in investigating and addressing the issue.
- Recognition and credit for your contribution to improving the security of our platform, if the vulnerability is verified.
- A financial reward for verified high- and critical-severity vulnerabilities, as a token of our appreciation for your efforts.
We value the contributions of security researchers and are committed to working collaboratively to ensure the security of our platform and protect our customers' data.
Legal considerations
Continual will not pursue legal action against individuals who responsibly disclose vulnerabilities in accordance with this policy. To qualify for this safe harbor, you must:
- Conduct your testing in a manner that does not harm Continual, our customers, or their data.
- Adhere to the guidelines and expectations outlined in this responsible disclosure program.
- Obtain explicit consent before testing systems or applications owned by our customers.
- Comply with all applicable laws and regulations in the course of your testing and disclosure.
We reserve the right to modify or terminate this policy at any time, without prior notice.
If you have any questions or concerns regarding our security disclosure policy, please don't hesitate to contact us at security@continual.ai.