Security Response

Reporting security problems

For other urgent or sensitive reports, please email our Security team. We’ll respond as soon as we can.

For requests that aren’t urgent or sensitive, submit a support request.

Tracking and disclosing security issues,

We work with security researchers to keep up with the state-of-the-art in web security. Have you discovered a web security flaw that might impact our products? Please let us know. If you submit a report, here’s what will happen:

  1. We’ll acknowledge your report.

  2. We’ll triage your report and determine whether it’s eligible for a bounty.

  3. We’ll investigate the issue and determine how it impacts our products. We won’t disclose issues until they’ve been fully investigated and patched, but we’ll work with you to ensure we fully understand severity and impact.

  4. Once the issue is resolved, we’ll post a security update along with thanks and credit for the discovery.

Our products are built on the Next JS framework. The issue you reported might Next JS, or some other part of our technology stack. We ask for your patience while we also make sure other companies and their customers are protected. Either way, you’ll always have a clinicGraph contact for your issue.

Thanks for working with us

We respect the time and talent that drives new discoveries in web security technology. The following researchers and companies have gone out of their way to work with us to find, fix, and disclose security flaws safely: