Responsible Disclosure Policy
Last updated: July 2025
ThreatRiX is a cybersecurity company. We take the security of our platform and our clients' data seriously. If you believe you've found a security vulnerability in our systems, we want to hear from you.
24hr
Acknowledgement of your report
72hr
Initial assessment of critical findings
30 days
Target resolution for confirmed vulnerabilities
How to report
Email: [email protected]
Please include: a description of the vulnerability, steps to reproduce it, any proof-of-concept code or screenshots, and your contact details for follow-up.
What we ask
- Do not access, modify, or delete data belonging to others
- Do not perform denial-of-service attacks or automated scanning against our systems without prior permission
- Do not publicly disclose the vulnerability before we have had a reasonable chance to remediate it
- Act in good faith — we will do the same
Our commitments
- We will acknowledge your report within 24 hours
- We will keep you informed of our progress
- We will not pursue legal action against researchers acting in good faith under this policy
- We will publicly acknowledge your contribution (if you wish) once the issue is resolved
Scope
In scope: www.threatrix.ai, blog.threatrix.ai, api.threatrix.ai, and any other subdomain under threatrix.ai.
Out of scope: third-party services we use, social engineering attacks, physical security, or issues with no security impact.
Contact
Email: [email protected]
General security questions: [email protected]