Security

1. Security Program

Source-DAM applies a layered security program that includes role-based access control, encryption in transit, secure secret handling, audit logging, vulnerability remediation, and production monitoring.

Security controls and hardening changes are reviewed continuously as part of engineering operations and release processes.

2. Incident Response

We maintain incident response procedures for detection, triage, containment, eradication, recovery, and post-incident review. If a confirmed incident affects customer personal data, customer notifications are issued without undue delay.

3. Vulnerability Disclosure

If you discover a potential vulnerability, report it to privacy@source-dam.com. Please include clear reproduction steps, impact summary, and proof-of-concept details where possible.

We request that testing is performed in good faith, avoids privacy impact, avoids service disruption, and does not involve social engineering or physical attacks.

We aim to acknowledge security reports within two business days.

4. Security Contact and Policy Metadata

Security and privacy contact: privacy@source-dam.com

Machine-readable security policy file: /.well-known/security.txt

5. Related Documents