SECURITY & PRIVACY AT HOTDOC
We recognise that your data is very sensitive. We combine extensive security features with comprehensive audits of our platform to ensure your data is secure.
HotDoc runs all of its services from the cloud in Australia and is deployed across multiple availability zones within the region. HotDoc maintains failover capabilities in the event of physical hardware or logical software failures, with infrastructure hosted in high availability data centres. HotDoc uses modern infrastructure-as-code and security tooling to make sure our infrastructure runs reliably and securely.
HotDoc has built application security into its culture, with a dedicated team to help mentor and coach best practices within the product. All code is peer reviewed with an extensive set of automated testing as part of our build pipeline. HotDoc keeps up to date with software patching and vulnerability management with automated tooling. HotDoc uses layered defence to maintain separation between production and development environments and ensure the principles of least privilege are maintained as it relates to customer data.
HotDoc makes it a priority to resolve any security vulnerabilities in our products within the timeframes identified in our security policies. HotDoc follows coordinated vulnerability disclosure and kindly asks that anyone reporting a vulnerability to us does the same in the interests of our customers.
If you are a customer, please submit a ticket to our support team.
If you are a security researcher, please join our bug bounty program, or email our security team.
Bug Bounty Program
HotDoc invites you to test and help secure our primary publicly facing assets – focusing on our web, and mobile applications. We appreciate your efforts and hard work in making the internet (and HotDoc) more secure, and look forward to working with the researcher community to create a meaningful and successful bug bounty program. Good luck and happy hunting!
HotDoc has a dedicated security team that handles everything from application security through to infrastructure security and anything in between. Have any questions? Feel free to contact the team directly.