Security

Report security issues directly.

Use the security contact for vulnerabilities, exposed secrets, access-control issues, or suspicious behavior involving ContractIQ.

Report

What to include.

Send the affected URL or tenant site, steps to reproduce, expected and actual behavior, screenshots or logs if safe to share, and whether you believe tenant data was exposed.

hello@cyrillian.com

Public site scope

The public site is separate from tenant answer sites. A marketing page issue may not affect a tenant deployment, but we still want the report.

Keep secrets out of email

Do not send live credentials, access tokens, private crew records, or source documents by email. Describe what you found and we will arrange a safer path if sensitive material is needed.

Tenant incidents

If the issue involves a tenant answer site, include the tenant domain and account role if you can. For urgent access problems, use the tenant support path as well so local administrators can respond.

What happens next

We triage reports, confirm receipt when possible, and prioritize issues that could expose tenant data or affect account access.