Welcome to the Loris Trust Center. Data privacy and security are a fundamental part of what we do, and embedded in every part of our business. Use this Trust Center to learn about our security posture and request access to our necessary documentation.
Documents
Risk Profile
Risk Profile
We have secure, reliable hosting that customers can depend on. We are happy to provide details about our risk mitigation practices and recovery objectives upon request.
Legal
Legal
We take legal matters seriously and we always engage our legal counsel to review all commercial activities. Please contact us if you have any questions.
Security Grades
Security Grades
We are constantly monitoring the security of our website. We will post our grades from public security rating agencies when they become available.
Incident Response
Incident Response
We have a dedicated team that responds to security incidents. We are happy to provide more details about our incident response practices upon request.
Risk Management
Risk Management
We have a dedicated team that manages security risks. We are happy to provide more details about our risk management practices upon request.
Asset Management
Asset Management
We have strict asset management policies in place to ensure that all assets are accounted for and secure.
BC/DR
BC/DR
We have a business continuity plan in place to ensure that we can continue to operate in the event of a disaster.
Training
Training
We provide security awareness training to all employees to ensure that they are aware of security best practices.
Change Management
Change Management
We have a change and configuration management process in place to ensure that changes are properly reviewed and approved.
Physical & Environment
Physical & Environment
We have physical and environmental controls in place to ensure that our data centers are secure and reliable.
Continuous Monitoring
Continuous Monitoring
We continuously monitor our systems for security threats and vulnerabilities. We are happy to provide more details about our continuous monitoring practices upon request.
Security Update regarding CVE-2026-31431 (Copy Fail)
Dear Customers,
Following the public disclosure on April 29, 2026 of a critical Linux kernel vulnerability tracked as CVE-2026-31431 and nicknamed “Copy Fail”, we immediately initiated a comprehensive assessment of all potentially affected systems and infrastructure.
We are writing to confirm that Contentsquare services and customer data remain secure. Specifically:
• Proactive Assessment & Rapid Response: Upon identification of CVE-2026-31431, our security team promptly invoked our incident response protocol. We conducted a thorough scope assessment across our full infrastructure, including all Linux-based systems and workloads. Interim mitigations were applied immediately while awaiting official patches from our vendors.
• Patch Deployment Near Complete: We are pleased to confirm that the vast majority of our production systems and services have been successfully patched against CVE-2026-31431, with zero downtime and zero failed deployments throughout the process. A small number of remaining workloads are actively being remediated and are expected to reach full patch coverage imminently.
• No Impact on Customer Data: Our investigation confirms that no customer data was accessed, exfiltrated, or impacted as a result of this vulnerability. No breach or unauthorized access has been identified within our systems or those of our sub-processors.
• Ongoing Monitoring: We’re continuously monitoring all systems for any signs of exploitation, and any newly identified affected assets are being remediated without delay.
We remain committed to the highest standards of security and transparency. If you have any questions or require a formal written confirmation, please contact us at security@contentsquare(.)com.
Sincerely,
The Contentsquare Security Team
Security Update regarding Axios supply chain compromise
Dear Customers,
Following recent supply chain attack reports regarding specific compromised Axios releases, our security team performed a comprehensive audit of our development and build environments.
We are writing to confirm that Contentsquare services and customer data remain secure.
We are also writing to confirm the following:
-
Proactive Mitigation: Upon identification of the affected package versions, we immediately invoked our incident response protocol. As a standard proactive security best practice, we completed a comprehensive rotation of internal credentials and environment secrets to ensure the continued integrity of our systems.
-
No Impact on Customer Data: Our investigation confirms that no customer data was accessed or impacted. The scope was limited to internal build processes, which have since been cleared.
-
Supply Chain Resilience: To further harden our environment, we have formalized new security policies requiring stricter version-pinning and a minimum release age requirement for all third-party dependencies. We are currently implementing these architectural controls to further minimize exposure to future supply chain risks.
We remain committed to transparency and the highest standards of data protection. If you have any questions, please contact us at security@contentsquare(.)com.
Sincerely,
The Contentsquare Security Team