Terms of business:
Client related policies

Privacy policy for Services

Data breach notification

Integrity

Environment

System requirements

Privacy Policy for Services

This privacy statement applies to Ethicontrol client related services provided via websites as subdomains of ethicontrol.com, services and products that collect data and display these terms. It does not apply to any Ethicontrol site, service or product that does not display or link to this statement or that contains its own privacy statement.

Ethicontrol, LLC. ("Ethicontrol") is committed to protecting your privacy in a variety of ways including using industry accepted security measures to protect against loss, misuse and alteration of data contained in our systems. This Privacy Policy is designed to describe how we secure and maintain our customers' and visitors' personal information when collected on sites which link to this Privacy Policy. This includes subdomains on ethicontrol.com or ethicontrol.ru or ethicontrol.com.ua. Any information given to us will never be sold, rented, traded, shared or leased other than as outlined in this Policy.

Ethicontrol does not publish text, images, or multimedia content that portray nudity, foul language, violence or other information not suitable for children. Web sites maintained by Ethicontrol are not directed to children under the age of 13. Ethicontrol will not knowingly collect or maintain personally identifiable information from or about anyone under 13. Ethicontrol is committed to complying with privacy laws to which it is subject and adhering to the highest industry standards for privacy.

Ethicontrol is not responsible for content saved to any Ethicontrol's system by Hotline/Ethicsline/Trustline/Trustbot/Trustchat reporters or client company representatives.

We may gather information by observing how you interact with our commercial website, but never gather information how your interact with products and services.

Registration: When you, or your organization, sign up to use our sites or services, or you sign up to attend a webinar or get additional information about our products and services, we may receive certain necessary information such as your name, job title and contact information such as email address, phone number and address.
Account/Report Access: To access some of our products and services you may be required to provide us specific information (such as your login credentials) that allows us to verify your identity before accessing certain data we host. This identity verification information is kept secure on our private servers and is only used to assist you in accessing your account or report; this information is not released outside of the relevant Ethicontrol system unless specifically authorized.
Hotline/EthicsLine Reporters: No personally identifying information is automatically collected from reporters using Ethicontrol applications. Personally identifying information, such as name and e-mail address, is stored only when a reporter voluntarily gives this information for use by a client company.

Ethicontrol gathers information about how you use our services in a limited ways:

Web forms, such as when you type information into a registration form.
Web logging, which enables us to collect the standard information your browser sends to every web site you visit such as your IP address.

Other information is not collected.

Licensed Users of Products and Services:

Personally identifiable information such as name, contact information, username and password is stored in our database for access to and use of certain software applications. This information is kept secure on our private servers and is only used to assist you in accessing your account. No information is released outside of the Ethicontrol system unless specifically authorized.

Hotline/EthicsLine Reporters:

No personally identifiable information is automatically collected from reporters submitting a case. Personally identifying information, such as name and e-mail address, is collected and stored only when a reporter voluntarily gives this information.

No use of Cookies, Clear Gifs and Log File Technology:

We DO NOT use technologies such as cookies, beacons, tags, and scripts the services used by reporters.

Upon request, Ethicontrol will provide you with information about whether we hold, or process on behalf of a third party, any of your personal information. To make a request please contact us at privacy@ethicontrol.com with "Personal Information Request" in the subject line, and provide us with full details in relation to your request, including your contact information, your company's name and any other detail you feel is relevant.

Upon request by mail or e-mail (to the addresses noted below in the Contact Information section), Ethicontrol will grant individuals reasonable access to personal information that it holds about them, unless otherwise legally unable to do so. In addition, Ethicontrol will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete. Ethicontrol shall provide a response to an access request within 30 days of receiving such request.

We will retain your information for as long as your account is active or as needed to provide services to your organization. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Our web-intake portals are cookie-free and script-free.
We provided such an opportunity to guarantee additional anonymity protection.

Log Files
As true of most web sites, we gather certain information automatically and store it in log files. This information may include internet protocol (IP) addresses, date/time stamp.
We do not link this automatically-collected log information with other information we collect about you.

Local Storage Objects (Flash/HTML 5)
We use Local Storage Objects (LSOs) such as HTML 5 to store content and preferences. Third parties with whom we partner to provide certain features on our site to display advertising based upon your web browsing activity use LSOs such as HTML 5 to collect and store information. Various browsers may offer their own management tools for removing HTML 5 LSOs.

Ethicontrol will take reasonable precautions to protect personal information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction.

For licensed users and reporters, communications between the Ethicontrol site and a user's web browser are accomplished using, at a minimum, 128 bit SSL encryption and various third party security certificates to protect confidential data. Ethicontrol does not allow users to transfer or receive confidential information unless they are using a validated 128 bit (or greater) encrypted session.

We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

If you have any questions about security on our Web site, you can e-mail us at itsecurity@ethicontrol.com with "Questions about Security" in the subject line. We do not link this automatically-collected data to personally identifiable information.

Automatic Information Storage
Session Variables may be used temporarily in your system cache to create ease-of-use during your transaction. Examples of such information are automatically-produced alphanumeric numbers held during your session on our site to facilitate page-to-page transactions. We only store name, e-mail, phone, address, company name or any other identifying information for licensed users; no information is stored for others unless otherwise stated in this policy.

Ethicontrol contracts with select third parties for Web-based services that include e-mail delivery and content streaming, that may collect non-personally identifiable visitor data including IP address and pages visited. These third parties may only use personally identifiable information, for example, e-mail addresses, for the service requested and not for their own marketing purposes.

Ethicontrol also contracts with select third parties in connection with the delivery of services to our clients. These third parties may not use any personally identifiable information other than to provide the specific contracted services.

No company other than Ethicontrol is allowed to access information stored on our servers unless expressly authorized by Ethicontrol. Unauthorized access to this information is a violation of the law. Ethicontrol has placed security measures and firewalls on all network servers in an attempt to prevent outside parties from accessing private information. In the event of a breach of security, Ethicontrol will press charges to the fullest extent possible against those parties illegally accessing the information on our servers.

Upon request, Ethicontrol will provide you with information about whether we hold, or process on behalf of a third party, any of your personal information. To make a request please contact us at privacy@ethicontrol.com with “Personal Information Request" in the subject line, and provide us with full details in relation to your request, including your contact information, your company's name and any other detail you feel is relevant.
Upon request by mail or e-mail (to the addresses noted below in the Contact Information section), Ethicontrol will grant individuals reasonable access to personal information that it holds about them, unless otherwise legally unable to do so. In addition, Ethicontrol will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete. Ethicontrol shall provide a response to an access request within 30 days of receiving such request.
We will retain your information for as long as your account is active or as needed to provide services to your organization. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

If you have received unwanted, unsolicited e-mail sent by Ethicontrol or from any Ethicontrol system or purporting to be sent via Ethicontrol, please forward a copy of that e-mail with your comments to info@ethicontrol.com for review.
If you have questions or complaints regarding our privacy policy or practices, please contact us at privacy@ethicontrol.com with “Privacy Enquiry" in the subject line and provide detail on your question or complaint so that we may adequately respond.

Integrity Policy

Ethicontrol Integrity Policy aims to conduct business on the basis of honest and ethical conduct in relations with employees and third parties. We pursue a policy of absolute intolerance to bribery and corruption and strive to act professionally, responsibly and honestly in all business relations and areas of our practice, with observance and provision of effective mechanisms to prevent corruption and combat bribery.

The company complies with all regulations related to bribery and corruption prevention both in EU, Ukraine and in other jurisdictions in which it operates (US FCPA, UK Bribery Act and others).

In this policy, the term "Third Party" means any individual or entity with whom we come into contact in the provision of services and business management, and includes existing and potential customers and clients, intermediaries, suppliers, contractors, agents, consultants, as well as government agencies and organisations, local authorities, including their representatives and officials, politicians and political parties.

This policy applies to everybody working in the company at all levels (working both on a permanent and temporary basis, or part-time), consultants, contractors, trainees, volunteers, agents, or any other person associated with Ethicontrol (employees).

Bribe (illegal benefit) - money, material things, benefits, privileges, services, intangible assets which are promised, offered, provided without legal grounds to a person endowed with certain powers to stimulate him/her using such powers to act in the interests of the person who transmits or offers.

Bribery is a criminal offense and consists in offering or giving a bribe, receiving or requesting / demanding a bribe.

The Company is aware of its responsibilities in combating corruption and bribery, and the risks associated with the possible involvement of employees in such illegal activities.

This policy does not prohibit normal ethical conduct, which requires appropriate hospitality, friendliness, courtesy, including the transmission and reception of gifts, treats and free services. However, we have specific internal policies and procedures that ensure that employees have a correct and unambiguous understanding of what should be considered normal ethical conduct, taking into account the financial constraints and principles set out below (the basic principles), namely that any gifts:

should not be made to induce certain acts or inactivity, or would not give rise to preferences or prejudices, or could not be regarded as a bribe;
must comply with local laws and business etiquette traditions;
should be donated on behalf of the organization and not on behalf of the individual;
should not be in the form of cash or other cash equivalent;
must be acceptable and appropriate in the circumstances;
should correspond to the generally accepted understanding (not to cause surprise) concerning characteristics of such gifts including value and the reason for the gift;
should be donated openly, not secretly.

In any case, gifts must not be offered or accepted by persons empowered by public authorities or local governments, or their representatives, or politicians or political parties, without the prior consent of the Director of the Company.
The following is not acceptable to any employee (or a person acting on his behalf):

to transfer, promise to transfer, or offer money, a gift, or to show excessive hospitality with the expectation that this will give an advantage or that such an advantage has already been given;
to transfer, promise to transfer, or offer money, a gift or to show excessive hospitality towards civil servants, subjects of power, or their representatives for "facilitating" or accelerating routine procedures;
to accept a payment from third parties, in respect of which it is known in advance or it can be reasonably assumed that such payment implies the receipt of benefits by them;
to accept a gift from a third party in respect of which it is known in advance or it can be reasonably assumed that the gift was offered with the expectation that the Company will give some advantage to such third party;
threaten or harass an employee who refuses to engage in bribery, or exposes such bribery, or expresses concern about compliance with this policy;
participate in any activity that may violate this policy.

We do not pay or accept payments aimed at simplifying formalities, informal acceleration of formal procedures or "kickbacks" in any form, including in the form of small informal payments.

The company may make donations and pay charitable contributions that comply with local laws and morals.

All persons who work for us or are under our control are responsible for preventing, detecting and reporting bribery and other forms of corruption. Employees should avoid any activity that could violate this policy.

An employee must notify the Company as soon as possible if he or she believes that a situation that does not comply with this policy arises or may arise in the future, if he or she is required to or is offered a bribe, or if he or she believes he or she is involved in another illegal activity.

An employee who violates this policy may be subject to disciplinary action that may result in his or her dismissal. We reserve the right to terminate our contractual relationship with Third Parties if their actions are corrupt and could damage the Company's business reputation.

If any person becomes aware of the circumstances regarding the actions of our Employees or the activities of Third Parties that show signs of corruption or violation of this policy, they may report such facts directly to one of the directors or co-founders of the Company or by email: trust (at) ethicontrol.com

Group trainings and individual explanatory work on proper observance of this policy and compliance with its requirements have been introduced for all Employees. We also inform third parties, in an appropriate manner, of our use of approaches that involve absolute intolerance of bribery and corruption.

The Company constantly monitors and controls the implementation of this policy at regular intervals, analyzing its application for relevance, adequacy and effectiveness. Internal control systems and procedures are also regularly reviewed to ensure that they are effective in combating bribery and corruption.
All our employees are aware that they are responsible for the success of this policy and must use it to uncompromisingly expose and combat corruption.

All possible cases of ambiguity and uncertainty in this Policy should be interpreted by Employees in a stricter direction and subject to conservative interpretation.
In case of detection of incidents and situations with the Company's employees, which arose as a result of incorrect or original interpretation of the ambiguities of the Policy, such incidents will be resolved not in favor of the employee.

Environmentally Preferable Purchasing (EPP) Policy

Ethicontrol is committed to the stewardship of the environment and to reducing the company's dependence on nonrenewable energy. This Environmentally Preferable Purchasing Policy (EPP) fortifies our commitment to sustainability.

The goal of this policy is to reduce the unfavourable environmental and social impacts of our purchasing decisions by buying goods and services from manufacturers and vendors who share our commitment to the environment.

Environmentally preferable purchasing is the method whereby environmental and social considerations are given equal weight to the price, availability, and performance criteria that colleges and universities use to make purchasing decisions.

The products purchased by Ethicontrol should embody the following principles:

High Content from Post-Consumer Recycled Materials
Low Embodied Energy (consumed to extract, manufacture, distribute and dispose)
Recyclable, Compostable and Biodegradable
Non-toxic
Energy Efficient
Durable and/or Repairable
Produced in a Manner that Demonstrates Environmental, Social, and Ethical Values
Minimal Packaging (packaging should also abide by the above principles)
Afterlife Reuse/Regeneration Potential through the Company (carpeting, furniture, etc.)

System requirements for users

Computer and processor 1 gigahertz (GHz) or faster
Memory 2 GB RAM
Hard disk 3 GB available disk space
Display - any screen resolution
Operating system - for the best experience, use the latest version of any operating system.
Browser - any

Computer and processor 1 gigahertz (GHz) or faster x86-bit or x64-bit processor with SSE2 instruction set

Memory 4 GB RAM

Hard disk 3 GB available disk space

Display - for the better experience use displays with resolution starting from 768 px width (medium sized tablets and bigger)

Operating system - any

Browser

Chrome 21+ (recommended)
Firefox 28+
Edge 12+
Safari 7+
Opera 17+
Android 6.0+

Internet Explorer in NOT supported.

Data breach notification

This policy defines what qualifies as a breach of user data, what actions will be taken in the event of user data exposure or compromise, and the timeline for action.
This policy applies to user data stored on Ethicontrol.com. It does not apply to self-hosted / on-premises EthiBox instances or instances hosted with other providers than Ethicontrol.com

This policy covers "private user data" stored by Ethicontrol.com, and includes:

Client's database
Client's files
Encrypted Passwords
Private Email Addresses

Note: Ethicontrol.com does not store any "personally identifiable information" (PII) such as (i) Private Addresses, (ii) Credit Card Numbers, (iii) Bank Account Information, (iv) ID numbers (e.g. passport, driver's license, social security, national identification, etc.). Ethicontrol.com also does not store any "personal health information" (PHI). Therefore, laws and regulations relating to PII and PHI do not apply.

A breach of user data is the unintended or accidental exposure of private user data. This can be caused by accidents, misconfigurations, or malicious actions performed by an external attacker or team member.

An event is considered a data breach when there is evidence that private user data has been exposed to the public or to an untrusted third party.

Trusted third parties may have authorized access to user data under a signed Non-Disclosure Agreement (NDA). Such trusted third parties include but are not limited to:

Cloud service providers
Database consultants
Security auditors
Financial auditors

Some examples of a user data breach would include:

Compromise of a database server that contains private user data with evidence that an attacker may have had access to or copied the data off-site.
Compromise of an application server account that has access to private user data and evidence that the attacker has downloaded or accessed private data.
Theft of a device known to contain private user data.
Web application attack used to download a list of all user emails and encrypted passwords.

Examples of security incidents that would not be considered a breach of private user data:

Compromise of an application server that does not contain or have access to private user data.
Compromise of a team member application account that does not have access to private user data.
Malware infection on a server or team member computer system that does not contain private user data.
Compromise of non-sensitive user data such as login IP addresses, login history, project permissions.
Unintentional disclosure of project names, group names, issue titles, or project or user metadata unless this data can cause damage to the user or their business.
Discovery of a vulnerability that could have been used to compromise private data, but for which there is no evidence of exploitation.
Theft of a team member's mobile device that does not contain private user data.
Theft of a team member's private keys, tokens, or other credentials provided there is no evidence they were used to access private user data.

You can check out these common non-vulnerabilities that will not be considered as a breach.

If Ethicontrol has detected evidence of a breach of Ethicontrol.com or Ethicontrol Hosted private user data, all affected users will be notified via the configured email address for their accounts. Emails will contain information on what data was exposed or compromised, when, and for how long (to the extent this information is available).

For a breach that exposes private data for a large number of users, the public will also be informed via the configured email addresses for their accounts, and additional means of communication will be considered (e.g. press release, the blog, etc.) on a case by case basis.

Ethicontrol will endeavor to notify users within 24 hours of breach discovery. This may be delayed when necessary to comply with requests by law enforcement.

We know how much work goes in to pen testing!
To avoid frustration, you can check out these common non-vulnerabilities that don't qualify for rewards.
Got a valid issue? Awesome! Please include:

A summary of the problem
A severity rating of 1 — 5 (1 being least severe, 5 being most ie. you can easily hijack, impersonate or access any other account or data)
A PoC or breakdown of how to replicate the issue
The operating system name and version as well as the web browsers name and version that you used to replicate the issue

Send to security (at) ethicontrol.com

If you plan to provide access tokens, secure cookies or sensitive data as an example, we kindly ask you GPG encrypt your email. Here is our public GPG key.

Download
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBFvaxloBEAC88nEMGv8ZlZ0EfFiSuJBlNaVzKf2XVGfz7FFY9Z1q2mHABzuL
weNy9P52VlFl7b5cmmMvCmyOQ0TJJMVGSJInG2UW4XV10ZFYppqipS3q4Dn8rXHH
CSgTISSff+GV6Ksfcw0+JEKG65vRW4AcC5gAkIgfEYM0ASAYx8JyhQQgAtlZ62q+
PjkTt48T17q+ZQ3tUF+EtvE8RStWz7DL6ONpvgP88QvLM2ejE7mCDENgshjkcJOT
kgih7oZWMiBuAexrgeYAtJwOO1NP5Ltv4sBs2kdogwUtQac5839SbgnMej1niWEL
+8aZ+WIBl44Q38okjPM9EHpVB0fub9ujtn/hp5WE4EsGeM/ivjKTl3CoNfWJhGED
ZM/0Yq1hTyZOE4oIMdlaHoCQKAYC/2VCcpwerljNnWMv27cVEIca1aNeVzU6kQCF
/1LHd3qp0H6w8GqqobIta/zaZzZ/fDtPbZgoDEvOLAxy0q2ADV1U+M9e7djWhjZ4
uHx3PyvT58ROBMXnhPV6hyB5LKEtVUWAx2O8YJTClg5QXZxKS70dncHPkMgFcVp7
duWY7NWrV8mVYjfQw22tPl+OXGFD9zzzZoHd8do9qCYvrTjBzo8tQrw4IWK/oqwT
Wcv4UTLRUqOLSF5GmnUgy0o+lbIsPg7xLHBnWnFpmufZ2X8xTAupm3C4HQARAQAB
tCtPbGVnIExhZ29kaXllbmtvIDxzZWN1cml0eUBldGhpY29udHJvbC5jb20+iQJU
BBMBCAA+FiEE2g4mqS9MF/18A+3NCGf4JnXRz+sFAlvaxloCGwMFCQeGH4AFCwkI
BwIGFQoJCAsCBBYCAwECHgECF4AACgkQCGf4JnXRz+tWxRAAqh09eA4EgmjVTFuv
Bmjk1H4DFWoBFq5gTRXgpibSfD3Qh1dkiLqrN9P28JCiG+OmaizfJS6X5BcBPO/S
AkTSjphe5zgnIpBsASc73SOGtsjocLiul/Odq6NqP3u0zbRt7155GqhVhODbGT0B
A2ydWlzRd9TwGuHNL1aCUF5r3QemsiV0kMVW9e/2PAqn6CKF64FJb3zG4gj6WTKA
xPhLNHFzwE+J2c3iAjtLKm4uGznnjxFIOhfaaWJMIORS9rMMj+c+uyp7r/xBxO+T
pTUEvRz6eFO9VIT9OmnozorXXeZXHNz2CEhfG/NcqLxwO9COkd570RPvUo/i6m4l
wwH49aZq0rqz5i7wHAY4JrkIAz8ZeTc+OwEqTLdUXbDqN+xP4kIixliASQ3Eqx65
9EZcvc0zenVE7s6K8XKMGf4bkAu0cXDd29fe4wLgi6CrMgm+WG8MddgNDE6dQl0Y
liM+Cnile9iCM6zMqg9bVRCGU9sxuMYrq1L0ZvKArH+uqXnrenK3x7wmkqSMyTVU
le4S00z3LT/GHVUzoK3TBVbf2mLhtPifRxY6wjwA+kZTFsNz4U+t4f6qkcJETcN7
1YbARrKP3zcRU1uB3LDplRJcJ7FmBsijUau62vwLFAbCP+ac0uxdV4ts+ynpX44e
HL8ZjHIHqV0WGFNPc6BAHP8oTce5Ag0EW9rGWgEQAOoCu86qsSajwt0xLlvpYDKQ
xozrYryj4bF9n9YWEU/wHtFE/3A425+VIHRcTr5DuI9nf/TV5PzrxsOetV1uFSzw
sauIQ+fjY1XOfTOVi4Cfe/CuZqmRe0aniQClsknjJdnbroUwZr5f73EPXAxTTUDV
Axgr2XRY8nVDns5ehz2/xzPbNP+ZVVBksE4K0nCS2mdYIvBrPGxLqqjsIX3p0PFa
K7vQu3JZNdjlBr2bse9Hv6zu3twnIXY5gl6zdR6blp18dPj/Qv04zV0m1SKmnB5l
IakagKJClYBzj4hFGgcwp5+H2S0kQ8mEgED9mNODC2IFFNK8ptKUSKDraKnXqoBC
h9Owm46VgeabWeW5lYJDXELZ8iyGMA9bqqcH5DsjOdieUescVYdvDySeM6KyzyI1
BFbgnkpUmE44rQwjuBZR+kcgNwBUmS01/TUAL0wzV15hwxfALPBNZR26wWVa80rv
ky1Dfy+PCvFhReeJ7bsiL8U8KiZ9Is6ujQir884sDh+x6qbhoRFPArbfEoV5+uCR
1eMxPxtgmZ4oJ+58EzFANCCjK4Mld081YQQCNhzL8sisiti16kOjR8qWiBuoVlmb
y4RaYBEB8u8AzVD+187i0IIIUXI+MaGefmIgmM1DhL1qM20Bpp8K2hXs127OersQ
jmDXZGOhEdqlee1VKjbTABEBAAGJAjwEGAEIACYWIQTaDiapL0wX/XwD7c0IZ/gm
ddHP6wUCW9rGWgIbDAUJB4YfgAAKCRAIZ/gmddHP6waRD/0bj/rbMhG+i6iW8Nmn
NP+DPfUHWKEuUXwJjpo6eFwNGYoQEiMrMMQ/6kGMpRGXqS1jCBoZEvtoYg655dIj
sHariZnXMTfAKCDRIhVbAzWcpejSCFTQ+Ysv7//ZQr2/RMSZBQhg8MNFVm/MRbw9
vtnxJ1GQ4d10S6kBQmZrit4tieLerhMJ4Zju8Lq+XFh8uiLtYGbIJfwBOqcF02ar
WZUiUolZa8UDZH4tQb7XkTOsXACsekZxplTYyUTEdboXEo3+nihwFRr6tES4+t6D
jk27ldzmkCzZCmV4NFE76Lgvsy0kBijvp7/WmacvBJVaP0YQCFkcyM46Tya/K9/x
fb+k70imH/U9CsqEOKjohTd6Y5Fu6SRrfj+Libit5Rn35AIytkdCNgnHYsUNE8/w
CW+83u/JZ6ia0GDNgg8ZLXYd34e4ve6vBHJgH+c+p94mQ2PkRVlzMlHi9CQU860V
/H6uImcdTGSYP3/KM9Gpkb/1e4vrzD4tEkbCmeYNeMVkVbua1KSR2/9Bqk45ufvr
dEVLKz+dE/t5mVThcm7QBLIYpZS7l7VoTNqtovVXBsP1EQC1LF0f9VIAOwYa82jG
CVICeQWIjTbH6O3och46R+eKhp7ilyzn6cC4U9A/cOhbztCp7W/Ax/BAqyb4M2SP
Xmpem1wxkG1QZf3IMPmLl3+sSg==
=GHMz
-----END PGP PUBLIC KEY BLOCK-----

We're eternally grateful for all of those who put in hard work to identify weaknesses within Ethicontrol.
For reports that are not common non-vulnerabilities, we like to reward those who responsibly disclose vulnerabilities with an acknowledgement, swag or bounty money.
Whisky and biscuits can be also provided during one to one meeting.

We appreciate the work that goes into finding and disclosing security flaws in Ethicontrol and would like to thank the following individuals and organisations:

Alexey Yankovsky, ISACA
We've been working closely with Alexey and his team at ISACA Kyiv Chapter to identify key weaknesses within our app. They've continuously proven to be experts in identifying weaknesses. They have helped us identify and resolve potential security holes such as account hijacking, access token leaks, XSS and CSRF exploits.

Security and Trust Center

Visit our security page check additional policies and practices.

More info

Company

Products

Solutions

Services

Resources

Whistleblowers

Ethicontrol (ethical control) is a global ethics hotline outsourcing service and software for internal investigations. Our integrated platform supports full life-cycle of a report: from registration via contact-center and web-intake up to management conclusions in case management system (SaaS).

Corporate surveys

Anti fraud

Code of ethics

Compliance programmes

Who are whistleblowers

Informer vs whistleblower

How to stay anonymous

Anonymity protection

FAQ

Events

Researches

About us