📢 Webinar Alert! Reliability Automation - AI, ML, & Workflows in Incident Management. Register Here

Responsible Disclosure

Squadcast, Inc. (“Squadcast” or “we” or “our”) provides a number of “Services” through our cloud based application and platform for Incident response orchestration, alert management, Incident tracking, Incident resolution automation and any related analytics, provided by means of a software via https://www.squadcast.com (or at such other URL as Squadcast may designate from time to time), that includes but is not limited to any related application programming interfaces (API), interactive discussion areas, customer accounts and profiles, mobile applications, and other related components thereof, on an individual and collective basis (“Services” or “Service”). We have prepared this Privacy Policy to describe to you our practices regarding the use of information and other data that we collect from our website at https://squadcast.com (“Website”) and through our Services. For the purpose of this Privacy Policy: (i) “Personally Identifiable Information” or “PII” means information that can be used on its own or in combination with other information to identify or contact you, your Users, or your Contact Persons, such as name, phone number and/or e-mail address and (ii) “Anonymous Information,” means information that is not associated with or linked to your PII and does not permit the identification of individual persons.

User Consent

By using our website, submitting or making available information through our Website or Services as described below, you agree to the Terms of Service posted by us on https://squadcast.com/terms and the terms of this Privacy Policy and you expressly consent to the processing of your data in accordance with this Privacy Policy. In connection with providing Services, Squadcast acts as a data processor, not a data controller. This means that Squadcast follows your instructions as to how to use your PII. While we primarily process your data on servers located in the United States, your data may also be processed in the country in which it was collected and in other countries if necessary to do so as part of the Services. The laws in such other countries regarding the use and processing of data may be more or less stringent than the laws in the United States or your country. For example, when an alarm trigger set by you occurs, the Services will automatically retrieve the Contact Information supplied by you and use the method(s) you established to contact the applicable Contact Person. This will require telephoning or sending an email or SMS message or using other means to contact such Contact Person wherever they are located, which may not be the United States or your home country. Of necessity this means PII will be transmitted in or through the networks, servers, telephone system and so forth in the country where the Contact Person is located. You consent, and hereby authorize and assume responsibility, for Squadcast to use your data in this manner as part of offering the Services.

What Data We Collect

  1. Information Provided by Visitors: If you visit our Website or use our Services, we may collect PII from you, including, but not limited to, first and last name, organization name, e-mail address and password if you decide to register to receive information, schedule a demo, or create an account to use the Services. If you provide us feedback or contact us via e-mail (e.g., in response to an employment opportunity posted on our website), we will collect your name and e-mail address, as well as any other content included in the e-mail, in order to send you a reply, and any information that you submit to us, such as a resume. we will collect any information you voluntarily provide, and we may also request optional information to support your use of our services, such as your year of birth, gender and other demographic information. We collect information in the form of the content that you submit during your use of our services, such as photos, comments, ratings and other information you choose to submit. We may also collect information about you and your friends, from any social network you may have connected from, in order to provide you with a more personalized experience. We may receive Personal Information about you from other sources with which you have registered, companies who we have partnered with (collectively, “Partners”) or other third parties. We may associate this information with the other Personal Information we have collected about you. For instance, we may collect your user ID or profile information from third party sources in order to deliver a better experience of our products/services. If you choose to sign up to receive information about products or services that may be of interest to you, we will collect your email address and all related information. Additionally, we collect any information that you voluntarily enter, including Personal Information, into any postings, comments, or forums within the Squadcast community.
  2. Information that We may Collect via Technological Means: Our servers (which may be hosted by a third-party service provider) may collect data from you, such as browser type, operating system, IP address (a number that is automatically assigned to your computer when you use the Internet, which may vary from session to session), domain name, and/or a date/time stamp for your visit. For example, we, or our service providers, may track your IP Address when you access our services to assist with ad targeting. Like most Internet services, we automatically gather this data and store it in log files each time you visit our website or access your account on our network. We may also directly collect analytics data, or use third-party analytics tools, to help us measure traffic and usage trends for the Service. These tools collect information sent by your browser or mobile device, including the pages you visit and other information that assists us in improving the Service. We collect and use this analytics information in aggregate form such that it cannot reasonably be manipulated to identify any particular individual User. We also use various technical mechanisms such as cookies, pixels, clear GIFS and so forth to monitor how you are using our website and Services. “Cookies” are small pieces of information that a website sends to your computer’s hard drive while you are viewing a website. We may link the information we store in cookies or through other mechanisms to the personally identifiable information you submit while on our site. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on our website. Persistent cookies can be removed by following Internet browser help file directions. You can also disable all cookies on your Internet browser. If you choose to disable cookies, some areas of our website may not work properly. The use of cookies and other mechanisms by our partners, affiliates or service providers is not covered by our privacy statement as we do not have access or control over them.
  3. Information that we may collect from our Customers: If you decide to purchase the Services and become a Squadcast customer (“Customer”), we will need to collect additional information from you.First, we – or our third-party credit card or payment processor on our behalf – will collect your payment information, such as a credit card number or account information. All of this is your PII. Second, you will need to set up your profile to be able to use the Services. This includes, among other things, telling us how to contact you or your organization when faults are detected by the organization’s monitoring tools, creating accounts for the on-call engineers on your team, and allowing permission to access information relevant to your account available from other tools you use. You will be able to set up your preferred contact methods (e.g., phone, SMS, email and/or push notifications) and you will be required to provide the applicable contact information (“Contact Information”), parts of which will also be PII. If you or your Users are supplying PII for Contact Persons, your represent and warrant that you have the right to provide such information.

How We Use the Data We Collect

We use PII for two basic purposes: to provide and improve the Website and to provide and improve the Services. In particular, we use Contact Information to send alerts to Customers in accordance with the Customer’s notification rules and schedule. We may also use PII to facilitate the creation of and secure your account on our network; identify you as a User in our system; provide improved administration of our Website and Services; improve the quality of experience when you interact with our Website and Services; respond to your inquiries related to employment opportunities or other requests; send promotional communications; provide you with hardcopy or electronic newsletters, or surveys; send upgrades and special offers related to our Services and related services and for other marketing purposes of Squadcast, should you request to receive such communications from us; make telephone calls to you, from time to time, as a part of secondary fraud protection or to solicit your feedback. We may also analyze request and usage patterns so that we may enhance the content of the Website and Services or improve their respective functionalities, or for other business purposes. We may use and display your full name and email address when you send an email notification to a friend through Squadcast or any other tool from which you have connected to Squadcast (such as in an invitation, or when sharing your content). Additionally, we use your email address to contact you on behalf of your friends (such as when someone sends you a personal message) or notifications from any other application/tool/website with whom you have registered to receive such notifications. We may use this e-mail address to contact you, for things such as notifications of limited edition shop sales and other related information. However, you may indicate your preference at any time to stop receiving further promotional communications.

When We May Disclose Data

We may share your data with third parties as part of providing the Services. This will include, among other things, to provide technical support, to process payments, and to contact your organization when an alarm is triggered. Third parties may include, among others, payment processors, technical support organizations, server and network hosts, telephone and messaging operators, and other telecommunications organizations. We require our third-party service providers to promise not to use such information except as necessary to provide the relevant services to us. Regardless of any choices you make regarding your PII (as described below), we may disclose PII if it is believed in good faith that such disclosure is necessary to (a) comply with relevant laws or to respond to subpoenas or warrants; or (b) protect or defend the rights or property of Squadcast or users of the Services or related services. We may also share any information collected under this Privacy Policy in connection with any merger, sale of assets, financing, acquisition, or in any other situation where used information may be disclosed or transferred as one of our business assets, provided that the new provider has agreed to data privacy standards no less stringent than our own. We may share aggregate or anonymous data (including personal data that has been stripped of personally identifying characteristics) with third parties as part of providing our Service. Except as otherwise stated in this policy, we do not sell, trade, share, or rent the PII collected from our Services or the Website to third parties other than as outlined in this policy, unless you ask or authorize us to do so. We may in the future share some or all of your information with any subsidiaries, joint ventures, or other companies under a common control, in which case we will require them to honor this Privacy Policy. You understand that when you use Squadcast, certain information you post or provide through Squadcast, such as your name, profile, comments, posts and ratings, may be shared with other users and posted on publicly available portions of Squadcast, including without limitation, chat rooms, bulletin and message boards, along with other public forums. If you provide feedback to us, we may use and disclose such feedback for any purpose, along with any associated Personal Information. We will collect any information contained in such feedback but will treat the Personal Information in it in accordance with this Privacy Policy. You agree that any such comments and any email we receive becomes our property. We may use feedback for marketing purposes or to add to or modify our services without paying any royalties or other compensation to you. Please keep in mind that if you choose to disclose Personal Information when posting comments or other information or content through Squadcast, this information may become publicly available and may be collected and used by others, including people outside the Squadcast community. We will not have any obligations with respect to any information that you post to parts of Squadcast available to others, and recommend that you use caution when giving out personal information to others in public forums online or otherwise. You expressly consent to the sharing of your PII as described in this Privacy Policy.

Your Choices: We offer you choices regarding the collection, use, and sharing of your PII

  1. Opt-Out: We may periodically send you free newsletters and e-mails that directly promote the use of our site or the purchase of our Services. When you receive newsletters or promotional communications from us, you may indicate a preference to stop receiving further communications from us and you will have the opportunity to “opt-out” (either through your account or by following the unsubscribe instructions provided in the e-mail you receive). Notwithstanding your indicated preferences, when applicable we will send you notices of any updates to our Terms of Service, this Privacy Policy, and other communications that directly affect your status as a user of our site or Services. Despite your indicated email preferences, we may send you administrative emails regarding Squadcast, including, for example, administrative confirmations, and notices of updates to our Privacy Policy if we choose to provide such notices to you in this manner.
  2. By You. You agree to defend, indemnify and hold Squadcast, Inc. harmless from and against all claims, losses and damages, suits, government investigations, fines, actions, damages, settlements, losses, liabilities, costs and expenses (including reasonable attorneys’ fees) for any breach of your representations, warranties and covenants set forth in these terms.
  3. Ability to Edit or Delete Personal Information: You may edit any of your PII in your account, including Contact Information (and/or notification rules), by editing your profile. You may also request that we delete your account information by sending an email to help@squadcast.com, but please note that we may be required (by law or otherwise) to keep this information and not delete it (or to keep this information for a certain time, in which case we will comply with your deletion request only after we have fulfilled such requirements). We will respond to such requests within 30 days. When we delete or edit account information, it will be deleted from the active database, but may remain in our archives. We will otherwise retain your information for as long as your account is active or as needed to provide you services as well as is necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Information Processed under the Direction of Customers

As described above, Squadcast processes Contact Information under the direction of the applicable Squadcast Customer (data controller) and has no direct relationship with the individuals (e.g., Devops Personnel) whose personal data it processes. Any individual who seeks access, or who seeks to edit or delete inaccurate Contact Information should direct his or her query to the applicable customer. It is the customer’s responsibility to edit or delete (or have edited or deleted) such Contact Information as set forth above.

Security of Your Data

Squadcast is committed to protecting the security of your PII. We use a variety of industry-standard security technologies and procedures to help protect your PII from unauthorized access, use, or disclosure. When you enter sensitive information (such as a credit card number) on our order forms, we encrypt the transmission of that information using secure socket layer technology (SSL). We also require you to enter a password to access your account information. Please do not disclose your account password to unauthorized people. Despite these measures, you should know that Squadcast cannot fully eliminate security risks associated with PII and mistakes and security breaches may happen. If you have any questions about security on our Website, you can contact us at the information below.

Links to Third Party Sites

Our provision of a link to any other website or location is for your convenience and does not signify our endorsement of such other website or location or its contents. When you click on such a link, you will leave our site and go to another site. During this process, a third party may collect data, including PII, from you. We have no control over, do not review, and cannot be responsible for, these outside websites or their content. Please be aware that the terms of this Privacy Policy do not apply to these outside websites or content, or to any collection of data after you click on a link to a third party. We encourage you to carefully read the privacy statement of any other website you visit.

Right to Information

You may request and obtain from us once a year, free of charge, certain information about the PII (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year. If applicable, this information would include a list of the categories of PII that was shared and the names and addresses of all third parties with which we shared information in the immediately preceding calendar year. If you would like to make such a request, please submit your request in writing to support@squadcast.com.

Compliance

Because we value your privacy, we will take any necessary precautions, to the best of our ability, to be in compliance with the California Online Privacy Protection Act. We therefore will not distribute your personal information to outside parties without your consent, unless as otherwise explicitly stated in this Privacy Policy. As part of the California Online Privacy Protection Act, all users of our site may make any changes to their information at anytime by logging into their control panel and going to the 'Edit Profile' page. We are also in compliance with the requirements of COPPA (Childrens Online Privacy Protection Act), we do not intentionally collect any information or PII from anyone under 13 years of age. Thus, if we obtain actual knowledge that a user is under 13, we will take steps to remove that user’s Personal Information from our databases. We recommend that children between the ages of 13 and 18 obtain their parent’s permission before submitting information over the internet. By using Squadcast, you are representing that you are at least 18 years old, or that you are at least 13 years old and have your parents’ permission to use our services.

Contact Information

Squadcast welcomes your comments or questions regarding this Privacy Policy. Please e-mail us at support@squadcast.com

Changes to This Privacy Policy

This Privacy Policy is subject to occasional revision, and if we make any substantial changes in the way we use your information, we will notify you by sending you an e-mail to the last e-mail address you provided to us and/or by posting notice of the changes on our website. Any material changes to this Privacy Policy will be effective upon the earlier of thirty (30) calendar days following our dispatch of an e-mail notice to you of the changes, thirty (30) calendar days following our posting of notice of the changes on our site, or the date that you accept the changes (e.g., by clicking an “I Accept” button or similar means). These changes will be effective immediately for new users of our website, Services or related services. Please note that at all times you are responsible for updating your Personal Data to provide us with your most current e-mail address. If you object to any such changes, you must cease using Squadcast. In the event that the last e-mail address that you have provided us is not valid, or for any reason is not capable of delivering to you the notice described above, our dispatch of the e-mail containing such notice will nonetheless constitute effective notice of the changes described in the notice.

Squadcast takes security vulnerabilities and concerns seriously. We encourage our users and members of the security community to privately and responsibly report possible vulnerabilities and incidents to us so that we can address these issues quickly.

‍Apart from our heartfelt thanks for valid submissions, we don't provide any cash rewards, swags or other alternative rewards at this time.

‍
For additional research into our products, good starting points include our Developer and API documentation, the Squadcast support documentation, and any material on the Community support forums.

Disclosure Policy

As this is a private program, please do not discuss this program or any vulnerabilities (even resolved ones) outside of the program without express consent from the organization.

Follow HackerOne's disclosure guidelines.

Program Rules

  1. Please provide detailed reports with reproducible steps. If the report is not detailed enough to reproduce the issue, the issue may not be marked as triaged.
  2. Submit one vulnerability per report, unless you need to chain vulnerabilities to provide impact.
  3. When duplicates occur, we only triage the first report that was received (provided that it can be fully reproduced).
  4. Multiple vulnerabilities caused by one underlying issue will be treated as one valid report.
  5. Social engineering (e.g. phishing, vishing, smishing) is prohibited.
  6. Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit permission of the account holder.

Out of Scope Vulnerabilities

When reporting vulnerabilities, please consider (1) attack scenario / exploitability, and (2) security impact of the bug. The following issues are considered out of scope:

  1. Clickjacking on pages with no sensitive actions
  2. Cross-Site Request Forgery (CSRF) on unauthenticated forms or forms with no sensitive actions
  3. Attacks requiring MITM or physical access to a user's device.
  4. Previously known vulnerable libraries without a working Proof of Concept.
  5. Comma Separated Values (CSV) injection without demonstrating a vulnerability.
  6. Missing best practices in SSL/TLS configuration.
  7. Any activity that could lead to the disruption of our service (DoS).
  8. Content spoofing and text injection issues without showing an attack vector/without being able to modify HTML/CSS
  9. Rate limiting or bruteforce issues on non-authentication endpoints
  10. Missing best practices in Content Security Policy.
  11. Missing HttpOnly or Secure flags on cookies
  12. Missing email best practices (Invalid, incomplete or missing SPF/DKIM/DMARC records, etc.)
  13. Vulnerabilities only affecting users of outdated or unpatched browsers [Less than 2 stable versions behind the latest released stable version]
  14. Rate limiting on login pages. Our rate limits on other endpoints do exist, please read about them on our Developer Documentation site to ensure you are not reporting expected behavior.
  15. Software version disclosure / Banner identification issues / Descriptive error messages or headers (e.g. stack traces, application or server errors).
  16. Tabnabbing
  17. Open redirect - unless an additional security impact can be demonstrated
  18. Issues that require unlikely user interaction

Note this is not an exhaustive list, just the most common. Just because something doesn’t appear on this list, it does not automatically make it a valid submission.

Safe Harbor

Any activities conducted in a manner consistent with this policy will be considered authorized conduct and we will not initiate legal action against you. If legal action is initiated by a third party against you in connection with activities conducted under this policy, we will take steps to make it known that your actions were conducted in compliance with this policy.

Thanks for Working With Us!

We respect the talented people that locate security issues and appreciate all efforts to disclose responsibly.

Submit Vulnerability Report

In order to submit your vulnerability report, please send the details to security@squadcast.com.

Provide as much information as possible about the potential issue you have discovered. The more information you provide, the quicker Squadcast will be able to validate the issue. If you haven't yet, please remember to review our Security Page.

Squadcast, Inc.
38350 Fremont Blvd #203
Fremont, CA 94536, United States

Squadcast is a leader in Incident Management on G2 Squadcast is a leader in Mid-Market IT Service Management (ITSM) Tools on G2 Squadcast is a leader in Americas IT Alerting on G2 Best IT Management Products 2024 Squadcast is a leader in Europe IT Alerting on G2 Squadcast is a leader in Enterprise Incident Management on G2 Users love Squadcast on G2
Squadcast is a leader in Incident Management on G2 Squadcast is a leader in Mid-Market IT Service Management (ITSM) Tools on G2 Squadcast is a leader in Americas IT Alerting on G2 Best IT Management Products 2024 Squadcast is a leader in Europe IT Alerting on G2 Squadcast is a leader in Enterprise Incident Management on G2 Users love Squadcast on G2
Squadcast is a leader in Incident Management on G2 Squadcast is a leader in Mid-Market IT Service Management (ITSM) Tools on G2 Squadcast is a leader in Americas IT Alerting on G2
Best IT Management Products 2024 Squadcast is a leader in Europe IT Alerting on G2 Squadcast is a leader in Enterprise Incident Management on G2
Users love Squadcast on G2
Copyright © Squadcast Inc. 2017-2024