Legal & Security

The boring but important stuff that you may want to know. 

Legal Policies

Acceptable Use Policy

Updated February 21, 2018

Review the details
Customer Agreement

Updated February 21, 2018

Review the details
Customer Use Addendum

Updated February 21, 2018

Review the details
Service Specific Terms

Updated February 21, 2018

Review the details
Privacy Policy

Updated February 21, 2018

Review the details
Support Policy

Updated February 21, 2018

Review the details
General Data Protection Regulation

Updated May 20, 2018

Review the details
Copyright & Trademark Violations

Updated February 21, 2018

Review the details
Third Party Code in Inventiv Products

Updated February 21, 2018

Review the details

Security

Inventiv welcomes the security community in helping us identify and fix security issues with our products or services. Please find reporting instructions below.

Reporting a Security Vulnerability

Please provide the following technical information when reporting a discovered security vulnerability. This information will help us assess the impact of the issue and form an appropriate response.

  1. Provide steps to reproduce the issue, including any URLs or code involved.
  2. If you are reporting a cross-site scripting (XSS) vulnerability, your exploit should display an alert dialog in the web browser. Preferably, this alert dialog should display the user’s authentication cookie.
  3. For a cross-site request forgery (CSRF) vulnerability, please use a proper CSRF case when a third party causes the logged in victim to perform an action.
  4. For a SQL injection attack, please provide an exploit extracting database data. Producing an error message is not sufficient to qualify your disclosure as an actionable vulnerability.
  5. If demonstrative of the exploit, please provide any relevant traffic capture demonstrating your proof-of-concept.

Please refrain from sending links to non-Inventiv websites, or attaching potentially executable files such as EXE, DOC, or PDF documents.

We will not respond to a generic vulnerability scanner report. However, if you have a report that was used as a starting point for your examination of a specific vulnerability, we will gladly review relevant sections of a scanner report if you point us in the right direction.


Reporting a Security Incident

Please provide the following technical information when reporting a security incident. This information will help us assess the impact of the issue and form an appropriate response.

  1. Provide the steps to reproduce the issue, including any URLs or code involved.

Please refrain from sending links to non-Inventiv websites, or attaching potentially executable files such as EXE, DOC, or PDF documents.


Submitting your Security Incident or Vulnerability

Please submit your report using the contact form to the right.

Public Disclosure

Please further assist us by practicing responsible disclosure of any vulnerabilities you discover. Before disclosing a vulnerability publicly, we require that you first request permission from Inventiv. Inventiv will process requests for public disclosure on a per-report basis. These requests will only be considered once the reported vulnerability is fixed.

Low-Priority Vulnerabilities

Please do not report low-priority security vulnerabilities. A low-priority vulnerability is anything that only exploits client-side vulnerabilities inherent to web browsers or the HTTP protocol. Additionally, please refrain from reporting content spoofing, phishing, error stack traces, or non-authentication cookies that are not marked as Secure or HTTPOnly.

Privacy Settings
We use cookies to enhance your experience while using our website. If you are using our Services via a browser you can restrict, block or remove cookies through your web browser settings. We also use content and scripts from third parties that may use tracking technologies. You can selectively provide your consent below to allow such third party embeds. For complete information about the cookies we use, data we collect and how we process them, please check our Privacy Policy
Youtube
Consent to display content from Youtube
Vimeo
Consent to display content from Vimeo
Google Maps
Consent to display content from Google