Security

How CMDB Compass handles your data, reports vulnerabilities, and protects your ServiceNow environment.

Reporting a Vulnerability

If you've found a security issue in CMDB Compass, we want to know. Email security@cmdbcompass.com and we'll acknowledge your report within 48 hours. We'll keep you informed as we investigate and won't take legal action against researchers acting in good faith.

What to include in your report

Steps to reproduce the issue
The potential impact
Any relevant screenshots or logs

Data Handling

✓

CMDB Compass does not store your CI data. Queries pass through to your ServiceNow instance and results are returned directly to your AI client.

✓

No CMDB data is used to train any AI model. CMDB Compass has no model of its own and does not send your data to any third party for training or fine-tuning.

✓

ServiceNow credentials are encrypted at rest and can be permanently deleted at any time from your dashboard.

✓

Every write operation creates an auditable change request inside your ServiceNow instance. CMDB Compass does not hold copies of your data.

AI Provider Data Policies

Your chosen AI client processes the results under its own data policies.

ServiceNow AI Agents

Data never leaves your ServiceNow instance. Queries and results stay entirely within your environment.

Claude (Anthropic)

Anthropic is an official ServiceNow technology partner and the AI behind Now Assist. Enterprise and Teams plans do not use your data for training.

ChatGPT (OpenAI)

Enterprise and Teams plans do not use your data for training. API usage is excluded from model training by default.

Contact

Security concerns: security@cmdbcompass.com
General support: support@cmdbcompass.com