Incident Response Plan
Last updated: February 13, 2026
This document describes how HAIEC Inc. detects, responds to, and communicates security incidents that may affect customer data or platform availability.
1. Scope
This plan covers the following categories of incident:
- Unauthorized access to customer data
- Data breaches or data loss
- Platform availability disruptions
- Compromise of authentication systems
- Compromise of third-party integrations (GitHub App, Stripe, etc.)
- Vulnerabilities actively being exploited
2. Severity Classification
| Severity | Definition | Response Time | Notification |
|---|---|---|---|
| Critical | Active data breach, authentication bypass, or complete service outage | 1 hour | Immediate email to affected customers |
| High | Confirmed vulnerability being exploited, partial data exposure, or major feature outage | 4 hours | Within 24 hours to affected customers |
| Medium | Confirmed vulnerability not yet exploited, minor data exposure risk, or degraded performance | 24 hours | Within 72 hours if customer data affected |
| Low | Potential vulnerability, informational finding, or minor service degradation | 72 hours | Included in next security update |
3. Response Phases
Phase 1: Detection & Triage
- Sentry alerts for application errors and anomalies
- Vercel monitoring for infrastructure issues
- Rate limiting alerts for abuse patterns
- Customer reports via security@haiec.com
- Vulnerability disclosure reports
Phase 2: Containment
- Isolate affected systems or accounts
- Revoke compromised credentials or API keys
- Enable additional logging on affected systems
- Preserve evidence for forensic analysis
Phase 3: Investigation
- Determine root cause and scope of impact
- Identify affected customers and data
- Review audit logs and access records
- Document timeline of events
Phase 4: Remediation
- Deploy fix to production
- Verify fix effectiveness
- Restore affected services
- Reset credentials if necessary
Phase 5: Communication
- Notify affected customers via email
- Provide details: what happened, what data was affected, what we did, what customers should do
- Notify relevant regulatory authorities if required (GDPR: within 72 hours to supervisory authority)
Phase 6: Post-Incident Review
- Conduct root cause analysis
- Document lessons learned
- Update security controls to prevent recurrence
- Update this incident response plan if needed
4. Customer Notification
When a security incident affects customer data, our notification will include:
- What happened: Description of the incident
- When it happened: Timeline of the incident
- What data was affected: Types of data involved
- What we did: Actions taken to contain and remediate
- What you should do: Recommended actions for affected customers
- Contact information: How to reach us for questions
Notifications are sent via email to the account owner's registered email address.
5. Regulatory Obligations
- GDPR (EU): Data breaches reported to supervisory authority within 72 hours. Affected data subjects notified without undue delay when breach poses high risk.
- CCPA (California): Affected California residents notified as required by Cal. Civ. Code § 1798.82.
- State breach notification laws: Compliance with applicable state notification requirements based on affected individuals' residency.
Report a Security Incident
If you believe you have discovered a security incident or vulnerability:
- Email: security@haiec.com
- Vulnerability reports: Responsible Disclosure Policy