Client Portal
Contact Sales
Received a debt collection communication from TrueAccord? → Click here for more information.

Responsible Disclosure Policy

At TrueAccord, the security of our infrastructure is a top priority. We recognize the vital role that independent security researchers play in keeping the digital ecosystem safe. This policy outlines our commitment to coordinating with the security community and provides a “Safe Harbor” for researchers acting in good faith.

1. Reporting a Vulnerability

If you believe you have discovered a potential security vulnerability in a TrueAccord product or our infrastructure, please submit a report to security@trueaccord.com.

Your report should include:

  • A detailed description of the vulnerability and its potential impact.
  • Step-by-step instructions (or a Proof of Concept script) to reproduce the issue.
  • The specific URL, IP address, or endpoint affected.
  • Your contact information for follow-up communications.

2. Our Commitment

If you follow this policy, we will:

  • Acknowledge receipt of your report within 3 business days.
  • Work to validate and remediate the issue in a timely manner.
  • Maintain open communication regarding the status of your report.
  • Not pursue legal action against you, provided you adhere to the guidelines below.

3. Guidelines and Restrictions

To remain in compliance with this policy and qualify for Safe Harbor, you must:

  • Avoid Privacy Violations: Do not access, modify, or delete data belonging to TrueAccord clients or their consumers.
  • No Service Disruption: Do not perform Denial of Service (DoS/DDoS) attacks or use automated scanners that may impact system performance.
  • Confidentiality: Do not disclose vulnerability details to third parties or the public until TrueAccord has addressed the issue and provided explicit written consent.
  • Legality: Abide by all applicable laws, including the Computer Fraud and Abuse Act (CFAA) and state equivalents.

4. Safe Harbor

TrueAccord considers security research conducted under this policy to be “authorized” access under relevant anti-hacking laws. We will not initiate legal action against researchers for accidental, good-faith violations of this policy, provided they immediately cease activity and notify us upon discovery of a sensitive data exposure.

TrueAccord is a full-service digital-first debt collection agency.

California License: 10526-99
Nevada License: CAD11758
Nevada Compliance Manager: CM12809
New York City Department of Consumer Affairs License Number: 2086769-DCA.
Facebook-f Twitter Linkedin-in

Product

Compliance

Resources

ISO 27001 Seal