Data breach notifications

Notifying customers

In the event that Flexera determines that customer personally identifiable data is involved in a security incident, Flexera will notify the impacted business customers in accordance with contractual or regulatory requirements, using the appropriate communication channels. Flexera will issue official customer notifications to all impacted customers, within 72 hours of becoming aware of the breach.

Responding to customer notifications

Flexera maintains a comprehensive data breach and security incident response policy, supported by documented procedures and a dedicated Incident Response Team with clearly defined roles and responsibilities.

These processes are designed to ensure timely identification, assessment, containment, and remediation of security incidents.

Upon receipt of a customer notification relating to an incident involving confidential personal information, the Incident Response Team will promptly investigate and will formally respond within 24 hours, in line with established service commitments and internal escalation procedures.

Customers should report any suspected data breaches or security incidents via their designated Flexera support channels, or by contacting their account manager directly.

If you are a security researcher and want to report a suspected vulnerability in a Flexera product or service, please see the section on reporting vulnerabilities to the PSIRT. This approach is also available for researchers working on the behalf of customers, where the customer does not want to report the issue directly to Flexera.

Customers should typically not use the PSIRT vulnerability reporting mechanism for reporting suspected data breaches or security incidents – the vulnerability reporting mechanism is not intended to provide 24/7 support or rapid response and is not part of Flexera's customer support system.