Security Disclosure
Last Updated: January 15, 2023
Security at Red Gem
At Red Gem, we take security seriously. We implement industry-standard security measures to protect your data and our systems from unauthorized access or disclosure. This page outlines our security practices and provides information about reporting security vulnerabilities.
Security Certifications
- SOC 2 Type II Compliant
- GDPR Compliant
- CCPA Compliant
Data Protection Measures
- End-to-end encryption for all data
- Regular security assessments
- Multi-factor authentication
- Continuous monitoring
Reporting a Vulnerability
If you believe you've found a security vulnerability in any Red Gem-owned repository, service, or product, we encourage you to notify us through our coordinated disclosure process:
- Email us at [email protected] with a detailed description of the vulnerability.
- Include details such as steps to reproduce, affected versions, and any potential impact.
- Allow time for us to review and address the vulnerability before any public disclosure.
Responsible Disclosure
We commit to:
- Acknowledge receipt of your vulnerability report within 24 hours
- Provide an estimated timeframe for addressing the vulnerability
- Notify you when the vulnerability is fixed
- Recognize your contribution if you wish (unless you prefer to remain anonymous)
Our Security Measures
Red Gem employs a comprehensive security program that includes:
- Access Controls: Strict access controls with least privilege principles
- Data Encryption: All data is encrypted both in transit and at rest
- Security Testing: Regular penetration testing and vulnerability scanning
- Employee Training: Ongoing security awareness training for all employees
- Incident Response: Established incident response procedures
- Vendor Management: Security reviews of third-party services