Back to Home

Security Policy

CaseClock is committed to protecting the security and privacy of our users. We appreciate the security research community's efforts in responsibly disclosing vulnerabilities.

Responsible Disclosure Guidelines

If you believe you've found a security vulnerability in CaseClock, we encourage you to report it to us responsibly. Please follow these guidelines:

  • • Email your findings to security@caseclock.ai
  • • Provide detailed information about the vulnerability, including steps to reproduce
  • • Allow us reasonable time to investigate and address the issue before public disclosure
  • • Do not access, modify, or delete data belonging to other users
  • • Do not perform actions that could negatively impact our services or users

Our Commitment

We commit to:

  • Respond within 48 hours to acknowledge receipt of your report
  • • Keep you informed of our progress addressing the vulnerability
  • • Credit you for your discovery (if desired) on our Security Acknowledgments page
  • • Work with you to understand and resolve the issue promptly

Scope of Testing

In Scope

  • • www.caseclock.ai and its subdomains
  • • CaseClock web and mobile applications
  • • API endpoints and integrations
  • • Testing using your own test accounts
  • • Reporting vulnerabilities without exploitation

Out of Scope

  • • Social engineering attacks (phishing, vishing, etc.)
  • • Physical attacks against CaseClock facilities or personnel
  • • Denial of Service (DoS/DDoS) attacks
  • • Third-party services and websites
  • • Spam or social engineering of CaseClock employees or contractors
  • • Testing that impacts other users or degrades service quality

Recognition

While we do not currently offer a monetary bug bounty program, we deeply appreciate security researchers' contributions to keeping CaseClock secure.

Researchers who report valid vulnerabilities will be:

  • • Acknowledged on our Security Acknowledgments page (with your permission)
  • • Kept informed throughout the remediation process
  • • Considered for future security collaboration opportunities

Legal Safe Harbor

CaseClock will not pursue legal action against security researchers who:

  • • Follow these responsible disclosure guidelines
  • • Act in good faith and avoid privacy violations
  • • Do not exploit vulnerabilities beyond necessary demonstration
  • • Do not intentionally harm CaseClock or its users

Contact Information

For security-related inquiries, please contact us at:

security@caseclock.ai

For general inquiries, please visit our homepage or contact hello@caseclock.ai