Incident Response Policy

This policy outlines Vibble’s framework for identifying, containing, investigating, and resolving security, safety, and integrity incidents.

1. Purpose

The purpose of the Incident Response Policy is to:

  • Protect user data and privacy
  • Limit damage from security or platform integrity incidents
  • Ensure rapid, coordinated response across all Vibble departments
  • Meet legal obligations for breach notifications and escalation

2. Types of Incidents Covered

  • Account takeovers or credential compromise
  • Platform outages, data breaches, or system intrusions
  • High-risk misinformation incidents
  • Live harassment, violence, or criminal activity
  • Botnet or manipulation attacks
  • Government escalations or emergency legal requests

3. Incident Response Lifecycle

  1. Detection — monitoring systems, user reports, API logs
  2. Assessment — classify severity, affected systems, scope
  3. Containment — isolate compromised systems or accounts
  4. Eradication — remove malicious activity or vulnerabilities
  5. Recovery — restore systems and user features
  6. Post-Mortem Review — lessons learned and future prevention

4. Severity Levels

  • Low: Minor misuse, isolated spam, small-scale bugs
  • Medium: Non-critical data exposure or harassment waves
  • High: Live criminal threats, sensitive-data exposures
  • Critical: CSAM, terrorism, major data breach

5. Notification Obligations

  • User notification for applicable incidents (GDPR, CCPA)
  • Law enforcement notification for CSAM, terrorism, violence
  • Regulatory reporting for material breaches

6. Contacts

Security Incidents: security@vibble.com
Emergency Safety: emergency@vibble.com
Legal Escalation: legal@vibble.com
Nexa Group Incident Office: incidents@nexa-group.org
