Security Program & Responsible Disclosure Policy
Last Updated: March 25th, 2022
Data Security
At Getlabs, we always encrypt data both at rest and in transit for everything we do. We use tools like Google's Cloud Key Management Service to manage encryption keys for maximum security in line with industry best practices, and ensure that all of our hardware is managed and securely encrypted.
Application Security
Getlabs regularly reviews usage and access patterns across our entire organization. In addition, we use high-quality static analysis tooling provided by our partners to secure our product at every step of the development and deployment process.
We also regularly engage with some of the industry's best application security experts for third-party penetration testing, which includes evaluation of the source code, running application, and the deployed environment.
Infrastructure Security
Getlabs uses Google Cloud Platform to host our applications, and we make full use of the security tools and products that are offered by GCP. Our infrastructure is fully documented and goes through our full product development lifecycle process whenever changes are made.
In addition, we deploy all our applications using containers on GCP managed services. This means that we do not manage any bare metal or VM instances in production.
Responsible Disclosures
Data security is a top priority for Getlabs, and we believe that working with skilled security researchers can identify weaknesses in our technologies and applications. If you believe you've found a security vulnerability in any Getlabs product or service, please notify us at security@getlabs.com. We will acknowledge your email within 3 business days and we will work with you to resolve the issues as quickly as possible.
Please provide us with a reasonable amount of time to resolve the issue before disclosing it to the public or to a third party. We aim to resolve critical issues within 5 business days of disclosure.
Make a good faith effort to avoid violating privacy, destroying data, or interrupting or degrading any of our services. We ask that you only interact with accounts you own or for which you have the explicit permission from the account holder.
While researching, we'd like you to refrain from Denial-of-Service (DoS) attacks, spamming, social engineering or phishing of Getlabs employees or contractors, and any attacks against Getlabs' physical property.
Getlabs is always open to feedback, questions, and suggestions. If you woud like to talk to us, please feel free to email us at security@getlabs.com.