Internal Policy Document
Incident Response Plan
BidRise.pro Effective: June 1, 2026 Version 1.0
Compliant with: NY SHIELD Act ยท GBL ยง 899-aa ยท NYC Cybersecurity Requirements 2026
๐Ÿšจ If you are experiencing an active breach RIGHT NOW
1. Do NOT attempt to fix it yourself first โ€” document everything you see.
2. Immediately go to Section 3 โ€” Immediate Response (First 2 Hours)
3. Call your primary security contact listed in Section 1.
4. Do not delete logs, emails, or any evidence.
Section 01

Key contacts & responsibilities

Primary โ€” Business Owner
[YOUR NAME]
Phone: [YOUR PHONE]
Email: [YOUR EMAIL]
Role: Incident commander โ€” final decision authority
Technical โ€” Developer
Claude / Ava Agent One
Platform: claude.ai
Role: Technical investigation, code fixes, deployment
Infrastructure โ€” Firebase
Google Firebase Support
Console: console.firebase.google.com
Support: firebase.google.com/support
Payments โ€” Stripe
Stripe Support
Dashboard: dashboard.stripe.com
Support: support.stripe.com
Legal Counsel
[ATTORNEY NAME โ€” INSERT]
Phone: [ATTORNEY PHONE]
Role: Advise on notification obligations
Monitoring โ€” UptimeRobot
dashboard.uptimerobot.com
Status page: stats.uptimerobot.com/1rH3ac5tNZ
Role: First alert of site outage

NY State notification authorities

NY Attorney General
NYS Office of the Attorney General
Breach reporting: ag.ny.gov/resources/individuals/privacy-and-internet/data-breach
Phone: 1-800-771-7755
NY Department of State
NYS Division of Consumer Protection
Website: dos.ny.gov
Required notification within 30 days of breach discovery
NY State Police
NYS Division of State Police
Cybercrime unit: troopers.ny.gov
Emergency: 911 ยท Non-emergency: 518-457-6811
FBI Cybercrime
FBI Internet Crime Complaint Center
Report online: ic3.gov
For ransomware, fraud, or criminal intrusion

Section 02

Incident severity levels

LevelSeverityExamplesResponse timeNotify users?
Critical Confirmed data breach โ€” user PII exposed Database dump, unauthorized access to user records, payment data exposed Immediate โ€” within 1 hour Yes โ€” within 30 days (legally required)
High System compromise โ€” no confirmed data exposure Unauthorized admin access, malware detected, site defacement Within 2 hours Possibly โ€” assess per incident
Medium Service disruption or suspected intrusion Site down >1 hour, suspicious API activity, failed login surge Within 4 hours No โ€” unless data confirmed exposed
Low Minor issue โ€” no breach, no outage Single failed login, brief downtime <5 min, spam signups Next business day No

Section 03

Immediate response โ€” first 2 hours

1
0โ€“15 minutes โ€” Detect & Contain
Stop the bleeding
Do NOT delete anything โ€” preserve all logs and evidence
Screenshot everything you can see โ€” error messages, unusual activity, timestamps
If site is actively being attacked: disable Firebase Hosting temporarily via Firebase Console
If database is being accessed: go to Firebase Console โ†’ Firestore โ†’ disable read/write rules immediately
If Stripe is involved: log into Stripe Dashboard and pause all payment links
Change your Firebase Console password and enable 2FA if not already on
2
15โ€“30 minutes โ€” Assess
Determine scope and severity
What data was potentially accessed? (user emails, business info, payment status)
How many users could be affected?
When did the breach start? Check Firebase logs for earliest suspicious activity
Is the attacker still active or have they left?
Assign severity level using Section 2 table
Document all findings in the Incident Log (Section 7)
3
30โ€“60 minutes โ€” Notify Internal
Alert your team and legal counsel
Notify all contacts listed in Section 1
Contact your attorney โ€” they will advise on legal notification timeline
If Critical severity: begin drafting user notification email (template in Section 5)
Do NOT post anything on social media yet
Do NOT notify users yet โ€” wait for legal counsel guidance
4
1โ€“2 hours โ€” Investigate & Fix
Technical investigation and remediation
Review Firebase Authentication logs for unauthorized logins
Review Firestore access logs in Google Cloud Console
Review Cloud Functions logs for unusual calls or errors
Check UptimeRobot incident history for timeline
Identify the attack vector โ€” how did they get in?
Deploy fix or patch to close the vulnerability
Rotate all API keys and secrets (GOVCON_API_KEY, BIDRISE_ADMIN_KEY, RECAPTCHA_SECRET_KEY)
Restore service only after vulnerability is confirmed closed
5
2โ€“24 hours โ€” Recovery
Restore and verify
Verify fix is working โ€” test all affected systems
Restore Firebase Hosting and Firestore rules if disabled
Monitor UptimeRobot and Firebase logs closely for 24 hours
Run full end-to-end test of the portal
Update status page on UptimeRobot

Section 04

Legal notification requirements

Under NY GBL ยง 899-aa and the SHIELD Act, if a breach exposes private information of New York residents, you must notify affected individuals, the NY Attorney General, the NY Department of State, and the NY Division of State Police. The AG has pursued enforcement where notification delays exceeded 30 days.

What triggers mandatory notification

Notification is required when a breach exposes any of the following about a NY resident:

Notification timeline

Who to notifyDeadlineHow
Affected usersExpeditiously โ€” target within 7 daysEmail to address on file (template in Section 5)
NY Attorney GeneralWithin 30 days of discoveryOnline at ag.ny.gov
NY Department of StateWithin 30 days of discoverydos.ny.gov
NY Division of State PoliceWithin 30 days of discoverytroopers.ny.gov
Stripe (if payment data involved)Immediatelysupport.stripe.com

What the notification must include


Section 05

User notification email template

Use this template as a starting point. Have your attorney review before sending. Fill in all [brackets].

Subject: Important security notice regarding your BidRise.pro account Dear [First Name / BidRise.pro user], We are writing to inform you of a security incident that may have affected your BidRise.pro account. WHAT HAPPENED On [DATE], we discovered that [BRIEF DESCRIPTION OF INCIDENT]. We immediately took steps to contain the incident and launched a thorough investigation. WHAT INFORMATION WAS INVOLVED The following information associated with your account may have been affected: - [LIST SPECIFIC DATA TYPES โ€” e.g., email address, business name, NAICS codes] WHAT WE ARE DOING We have [LIST ACTIONS TAKEN โ€” e.g., patched the vulnerability, rotated all API keys, enhanced monitoring]. We are continuing to investigate and have notified the appropriate authorities as required by New York law. WHAT YOU SHOULD DO - Change your BidRise.pro password immediately - Monitor your email for any unusual activity - If you use the same password elsewhere, change it on those accounts as well - Contact us immediately if you notice any suspicious activity FOR MORE INFORMATION If you have questions, please contact us at security@bidrise.pro or call [PHONE NUMBER]. We sincerely apologize for this incident and the concern it may cause. We take the security of your information extremely seriously. Sincerely, [YOUR NAME] BidRise.pro 447 Broadway 2nd FL #790 New York, NY 10013 security@bidrise.pro

Section 06

Post-incident review

Within 14 days of resolving any Critical or High severity incident, conduct a post-incident review covering:


Section 07

Incident log

Document every incident here regardless of severity. This log may be requested by regulators or insurers.

Date Severity Description Resolution Notified users?
โ€” โ€” No incidents recorded โ€” โ€”
Keep a separate detailed incident report document for any Critical or High severity incidents. This log is a summary index only.

Section 08

Plan maintenance

This Incident Response Plan must be reviewed and updated:

This plan was last reviewed and approved on June 1, 2026.

Plan approval
This Incident Response Plan has been reviewed and approved by the business owner.