← Compliance hub
Incident response & customer notification
How we handle suspected security incidents affecting the CapchaCloud service.
Notification timelines are targets, not guarantees. Regulatory duties may fall on you depending on your role and jurisdiction.
Severity (internal)
| Level | Examples |
|---|
| SEV1 | Active exploitation; broad confidentiality impact; widespread outage with security angle. |
| SEV2 | Limited breach scope; privileged access anomaly; partial outage. |
| SEV3 | Contained vulnerability; suspicious activity without confirmed impact. |
Customer notification principles
- Confirmed impact: We notify affected customers without undue delay once we establish credible facts.
- Law enforcement: Notifications may be deferred where legally required.
- Channels: Email to tenant admins and/or in-dashboard notices as available.
Reporting intake: serviceautomations.ai security routing — coordinated with disclosure policy.