Reasons for concern
We understand that in our system on our servers you may be storing information that covers:
- Your team members' contact information.
- Where and when team members will be in a physical space.
- Wages and promotions.
- Your internal business processes.
There is a small risk that nefarious people will attempt to get that information from our servers by hacking the site. Some level of concern on your part is normal and responsible. We wanted to give you an overview of our processes to protect that information.
Steps we take to mitigate those concerns
We take appropriate steps to secure that information and our communications. Some things we do are:
- Utilize bank grade encryption for communication of data between our computers and your computers.
- Follow industry best practices to secure our servers. That includes routinely upgrading the installed software, restricting physical access to them, setting strong passwords and using other technological measures to restrict access.
- our hardware is redundant and professionally maintained.
- Your credit card information is stored only at stripe.com, our payment processor.
Reporting an incident
To report a non-security related issue please email our normal support address firstname.lastname@example.org . If you believe you have discovered a security vulnerability in Cooperation please email our founder, Paul DeBruicker, at email@example.com. The public key is below.
Please do not publicly disclose any discovered security vulnerability without express written consent from us. If you believe you've discovered a security issue please provide us
- Steps to reproduce.
- A screenshot of the error (if appropriate).
- A secure method to contact you.
Unfortunately we do not provide monetary compensation for discovering vulnerabilities at this time. Please do not use automated security scanning tools outside of a very narrow scope. Please do not modify any data outside of test accounts. Thank you for helping us make Cooperation safer and better for all its users. I really appreciate it and the work other industrious security researchers have shared that makes software better today.
-----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1 mQENBFMGkd0BCADzDOEoKKy15bwwQctlgoBDl8ZFRuGR+T4yrFsQe89sa9CHleRw uGZNiSFrG9SLcDMMGBCMLSFmaQkWlh2bBer3H8f6/s9IVhuhM0N0Fptx5sUIU7Rr P+TyqYNnKRwB8KjvHejSLM/lmSRMlxxLxF9ZcKPq3m4H/n0Q8r8hoNXYckNZewHJ OM44MqkyLf4Ngp4XFwElQpRTDhCrf/ddL4gJYVPNNXSAW6bssevHQ4U4fK7ci22t fW5KWOXrUktbh9yZltaaYV1NCPCRXkWqFQ/Z7IfD0/E7wiSMJ1/3zon9x2MDBxx6 QXYSsUyO+P/yBrA5j9ZxEoZ73RT5/jRrM21zABEBAAG0V1BhdWwgRGVCcnVpY2tl ciAoVGhhbmtzIGZvciByZXBvcnRpbmcgdGhlIHNlY3VyaXR5IGluY2lkZW50Likg PHBhdWxAZ2V0Y29vcGVyYXRpb24uY29tPokBOAQTAQIAIgUCUwaR3QIbAwYLCQgH AwIGFQgCCQoLBBYCAwECHgECF4AACgkQOmG8LaiTe4M3mQf9FKa+zoGtuKIHquC0 ks92db/IeENQAEC2M9YuVq1PEpPwNO68df2GAyR0JCRmAvTliTl7jMfbCXzjIUMo rLlZQbDEDxgToVZnvfOR58JGpLbhh7OxjPCGGxa6rTs4ICtd9mAWusvrbR8SpJlh xPnmGkMCIhwL5YLZKFK4ZFdvhtM5eNX+CCdusfkuu0yj5ccm393+kAJiGQpl1WCU eEf7G2wSJodD6fCnEBn+ghCtH1/iI4iEkWc6nYZUmplg+ku+ea//nxo+k3UkiMUo gz56gqjGgo8HUZVC+6xCOup+I4hbhom5w1D0XKoiTxM6UxMEgtF6/QrKUxJfVR36 Ujpn7rkBDQRTBpHdAQgA2/DAzCBYzMa39DntwcKLQK5SRzAbgYtSwzcgdTbI+DCc hbcBWan1gnxwz+A4t7Xilx8WSNoDlD477FeV+4l0m2K0ZOeXsJs1nzKL/e2GMwMW vtoLkVOYxfQBLzGK15igMy5sSgLQUtfBZeudrbzP3icpqFNs0CUtJkjnemuS/s44 gbCVytnj/NPeaoEcbjj/wBOZvyyliw+txaQoaMPmoBYKzpkIeCYcpT+Wg6JHNXUx 3itNLlTbNmgz5rn7EpDISVl+D4nqvDg+39PbQQgP+bcU0YWkKX3jcobfws5xilJ2 uBF62XBYGSN3YugCDJxUlBEewLcZ/k9JQqUU/V/KewARAQABiQEfBBgBAgAJBQJT BpHdAhsMAAoJEDphvC2ok3uDydgIAKnFiC6Tb759t/DAOVbvLozr5zVE3okcAtIC +D8EDbtdZtEQN+plbv92Il1n7nyCnYW8GyTqe0D97ewj96KDpxveoLtxsXVjZohx vd/jHHmy0sMq5x4QzkztmzAeDoD+GjXB5vz35sxserHkA1eKldtIFU5Wtmp2u5ad zF5DM0iSldRnrRFarmiRmxWfZSxL/Wsa5FQQ6Vxmo1dnN54Rg87W041uZj4Xb+IP BRiO7pD7WtZlHRaAXghegNjtqJ+iILAJ12j0gxxJyrnWUOk/5dsBJgKtD1kthgLU SZe8M9QjDjhhseLmqRUlpG0+4GAeQe+m0n52ois9qGNh0LBtoFU= =XVU+ -----END PGP PUBLIC KEY BLOCK-----