My Traffic Case

Security and responsible disclosure

Report suspected vulnerabilities affecting MyTrafficCase accounts, cases, documents, payments, or communications. We prioritize issues that could affect access, isolation, sensitive data, or payment state.

Email SecurityPayment Security
Reports5 business days

Target acknowledgement for well-formed submissions.

PaymentsNo card storage

We do not store full card numbers or CVV codes.

Product security

We focus on protecting account access, case records, documents, payment state, and role boundaries.

  • Authentication and session protections
  • Role and tenant isolation
  • Non-destructive vulnerability review

Data handling

Case and document workflows are designed to keep sensitive traffic-ticket information attached to the right matter.

  • Case-linked files and history
  • Access-aware workflows
  • Sensitive-data exposure review

Payment security

Card payments are handled through validated payment providers instead of storing card data in MyTrafficCase.

  • PCI DSS validated providers
  • Stripe-powered payment flows where configured
  • No full card numbers or CVV storage

Response process

Well-formed reports are prioritized by impact and coordinated directly with the reporter when validation is needed.

  • Five-business-day acknowledgement target
  • Impact-based triage
  • Direct remediation coordination

How to report

Send enough detail for the team to reproduce and assess impact.

Email security@mytrafficcase.com with a concise report. Authorized testing is limited to your own accounts, test data, and non-destructive verification.

  1. Concise summary of the suspected vulnerability
  2. Affected URL, account area, case workflow, or payment workflow
  3. Reproduction steps using your own account and test data
  4. Impact assessment and any relevant request IDs or screenshots

Testing boundaries

Keep testing limited, lawful, and non-destructive.

Do not attempt password attacks, denial-of-service testing, persistence, social engineering, mass scraping, or access to real customer data. Reports involving account access, tenant isolation, document exposure, payment state changes, authentication bypass, sensitive data leakage, or production secret exposure receive priority.

Payment compliance

Card payments are handled by PCI DSS validated payment providers.

Payments are processed through PCI DSS validated payment providers. Stripe-powered payment flows use Stripe, a PCI Service Provider Level 1. We do not store full card numbers or CVV codes. This statement describes the payment-provider model and is not a claim that MyTrafficCase has completed its own PCI certification or SAQ-A.

Provider-backed card handling

Learn more about Stripe security and compliance posture directly from Stripe.

Stripe security page
Cookie choices

We use necessary cookies to keep sign-in and core workflows working. Preference storage for theme and workspace layout stays off until you allow it.