<img alt="" src="https://secure.perk0mean.com/184504.png" style="display:none;">
Skip to content
Request a demo

Contents

Welcome to 4G Clinical’s vulnerability disclosure page. The below information is important to your use of 4G Clinical’s website and products.

Vulnerability Disclosure Policy

Last Updated: June 2025

Overview

4G Clinical is committed to maintaining the security and privacy of our systems. We welcome and encourage cybersecurity experts (“Security Researchers”) to help us identify potential security vulnerabilities in our systems and applications.

In Scope

This vulnerability disclosure policy (“Policy”) applies to any digital assets owned, operated, or controlled by 4G Clinical, including but not limited to:

  • all 4G Clinical web applications and services;
  • public-facing systems and APIs;
  • mobile applications developed by 4G Clinical; and
  • any system that processes, stores, or transmits confidential and clinical trial data.

Out of Scope

The following is out of scope:

  • issues that relate to third-party services, applications, and technology used but not owned by 4G Clinical;
  • physical security testing;
  • social engineering attacks against 4G Clinical staff, users and/or clients;
  • disclosure of known public files and other information disclosures that aren’t a material risk (e.g., robots.txt);
  • denial of service (DoS) attacks;
  • testing that involves accessing or modifying data belonging to other users; and
  • any attack or vulnerability that hinges on a user’s computer first being compromised.

Legal Considerations

This Policy is designed to facilitate a collaborative relationship between 4G Clinical and Security Researchers. This Policy is designed to be compatible with common vulnerability disclosure practices. By participating under this Policy, you acknowledge that:

  • you will comply with all applicable laws and regulations:
  • you understand that unauthorized access to computer systems may violate applicable laws; and
  • this Policy does not create any employment, agency, or partnership relationship between you and 4G Clinical.

Vulnerability Reporting

4G Clinical recommends that Security Researchers share the details of any suspected vulnerabilities across any asset owned, operated, or controlled by 4G Clinical (or that would reasonably impact the security of 4G Clinical and our users) using the Bugcrowd partner email intake address vdp@4gclinical.submit.bugcrowd.com. The 4G Clinical Security Team will acknowledge receipt of each vulnerability report, conduct a thorough investigation, and then take appropriate action for resolution. We thank you in advance for any potential vulnerabilities you may report.