Responsible Disclosure Policy

Effective Date: 01/01/2026

  1. Purpose 

The purpose of this Responsible Disclosure Policy is to establish a clear, secure, and collaborative process for reporting and addressing security vulnerabilities in Casebook’s products, services, and infrastructure.

  2. Scope

This policy applies to all security vulnerabilities discovered in any system, application, service, or infrastructure that is owned, operated, or controlled by the Company, including but not limited to:

  1. Production, staging, and development environments
  2. Web applications, APIs, and mobile applications
  3. Cloud infrastructure, hosting environments, and network services
  4. Authentication, authorization, and identity management systems
  5. Data storage, processing, and transmission systems

The policy covers vulnerabilities identified by external security researchers, customers, partners, vendors, and internal personnel when those issues are reported outside of normal operational or customer support channels.

  3. Policy

The following policy documentation shall be posted to a publicly available Casebook web site:

Responsible Disclosure Policy

Data security is a top priority for Casebook, and Casebook believes that working with skilled security researchers can identify weaknesses in any technology.

If you believe you’ve found a security vulnerability in Casebook’s service, please notify us; we will work with you to resolve the issue promptly.

Disclosure Policy

  1. Please report all security incidents, potential vulnerabilities, or other security inquiries to security@casebook.net. We will acknowledge your email promptly.
  2. Provide us with a reasonable amount of time to resolve the issue before disclosing it to the public or a third party. 
  3. Make a good faith effort to avoid violating privacy, destroying data, or interrupting or degrading the Casebook service. Please only interact with accounts you own or for which you have explicit permission from the account holder.
  4. CJIS Incident Reporting: In the event of a security incident involving Criminal Justice Information (CJI), Casebook will immediately report the incident to the appropriate Local Agency Security Officer (LASO) and/or CJIS Systems Officer (CSO) in accordance with the CJIS Security Policy incident reporting requirements.

Exclusions

While conducting your research, please refrain from:

  1. Distributed Denial of Service (DDoS)
  2. Spamming
  3. Social engineering or phishing of Casebook employees or contractors
  4. Any attacks against Casebook’s physical property or data centers

Thank you for helping to keep Casebook and our users safe!

Changes

We may revise these guidelines from time to time. The most current version of the guidelines will be available at www.casebook.net/responsibledisclosure.

Casebook is always open to feedback, questions, and suggestions. If you would like to talk to us, please feel free to email us at security@casebook.net.