Responsible Disclosure Policy

Last updated: July 2025

ThreatRiX is a cybersecurity company. We take the security of our platform and our clients' data seriously. If you believe you've found a security vulnerability in our systems, we want to hear from you.

  • 24hr: Acknowledgement of your report
  • 72hr: Initial assessment of critical findings
  • 30 days: Target resolution for confirmed vulnerabilities

How to report

Email: [email protected]

Please include: a description of the vulnerability, steps to reproduce it, any proof-of-concept code or screenshots, and your contact details for follow-up.

What we ask

  • Do not access, modify, or delete data belonging to others
  • Do not perform denial-of-service attacks or automated scanning against our systems without prior permission
  • Do not publicly disclose the vulnerability before we have had a reasonable chance to remediate it
  • Act in good faith — we will do the same

Our commitments

  • We will acknowledge your report within 24 hours
  • We will keep you informed of our progress
  • We will not pursue legal action against researchers acting in good faith under this policy
  • We will publicly acknowledge your contribution (if you wish) once the issue is resolved

Scope

In scope: www.threatrix.ai, blog.threatrix.ai, api.threatrix.ai, and any other subdomain under threatrix.ai.

Out of scope: third-party services we use, social engineering attacks, physical security, or issues with no security impact.

Contact

Email: [email protected]
General security questions: [email protected]