Institution
Data and security
Information handled in the course of registry and due diligence work is subject to defined handling, retention and security practices.
Registry data
Registry records are published data, drawn from sources cited on the record itself. Publication follows the evidentiary standard set out in the Standard for Registry Record Publication.
Due diligence data
Information gathered in the course of a due diligence engagement is confidential to the commissioning party and is not published in the registry or shared with third parties, except where the commissioning party directs otherwise or where required by law.
Submission channels
Sensitive case material is not accepted through unsecured public forms on this website. Enquiry forms on this site collect only basic contact and scoping information; a secure channel is provided for supporting documentation once an engagement is under way.
Retention
Registry records are retained for as long as they remain published, and withdrawn records are retained in accordance with the registry record publication standard. Due diligence engagement records are retained for a period sufficient to support the review and correction process described below, and are not retained indefinitely beyond that purpose.
Reporting a vulnerability
Security researchers and members of the public may report a suspected vulnerability in this website or its systems through the report a vulnerability page.