Responsible disclosure
Found something? We want to hear from you, and we will not take it the wrong way.
Prototype notice. This document is placeholder copy for design review. It is not legal advice and must be reviewed and completed by counsel before publication.
Our commitment
We build security software, so we welcome reports from researchers acting in good faith. If you follow this policy, we will not pursue legal action against you, we will work with you on a fix, and we will credit you if you wish.
How to report
Email security@soarcery.ai with enough detail to reproduce the issue: affected component, steps, impact, and any proof of concept. Encrypt sensitive details if you can.
Guidelines
- Give us a reasonable window to investigate and remediate before public disclosure.
- Do not access, modify, or exfiltrate data beyond what is needed to demonstrate the issue.
- Do not run denial-of-service tests or social-engineer our team or customers.
- Act in good faith and avoid privacy violations.
In scope
Our public web properties and the Soarcery platform. Third-party services we use are governed by their own programs.
What to expect
We aim to acknowledge reports quickly, keep you updated through triage and remediation, and credit valid findings. A formal bug-bounty program may follow as we mature.