SECURITY NOTICE

Report a Security Vulnerability
At Ceribell, the security of our systems and the protection of customer data are top priorities. If you believe you have discovered a potential security vulnerability, we appreciate your help in responsibly disclosing the issue.

If You Are a Customer
Please contact our Technical Support team regarding any security-related questions using the information provided in the footer of this page.

If You Are a Security Researcher or Other External Party
Please reach out to security@ceribell.com. Submissions will be reviewed by our security team. A team member will follow up if further information is needed.

Responsible Disclosure Guidelines
We ask that you:

  • Ensure you have authority to test the systems you are accessing.
  • Act in good faith and avoid violating privacy, destroying data, or interrupting our services.
  • Provide detailed information so that we can reproduce, validate and remediate the issue.
  • Respect others’ data, rights and systems and avoid accessing, modifying, or deleting any user data that is not your own.
  • Give us reasonable time to investigate and remediate any issues.
  • Do not publicly disclose any vulnerabilities without our advance written consent and coordination with Ceribell.

In return, we will:

  • Acknowledge your submission in a timely manner.
  • Keep you informed of our progress, as appropriate.
  • Credit your discovery (if desired and applicable).
  • Not pursue legal action if your research was conducted in good faith in accordance with these guidelines and within the bounds of applicable law.

Legal Notice
By submitting a security vulnerability report to Ceribell:

  • You agree not to exploit the vulnerability in any way, including through unauthorized access, data exfiltration, data modification or deletion, degrading system performance or service disruption.
  • You waive any claims or rights to compensation, monetary or otherwise, for any vulnerability you report.
  • You agree to comply with all applicable laws and regulations in connection with your research and disclosure and acknowledge that you are prohibited from violating privacy rights and accessing any sensitive or proprietary data.
  • You agree to delete any accessed information.
  • You agree that Ceribell has the sole right to determine whether to publish the details of the vulnerabilities and the timing of any such publication.

Ceribell reserves all legal rights in the event of non-compliance or malicious activity and has final discretion regarding resolution of vulnerability issues and assessments. Further, Ceribell disclaims any warranties regarding its security program and has the right to modify or terminate any aspect of the program at any time. These guidelines and the reporting form do not create any contractual obligations.

We greatly appreciate the efforts of the security community and your help in keeping Ceribell and its customers as well as their patients and their data safe.