Responsible Disclosure Policy

Our Commitment

At Reconis AI, we take security seriously. We appreciate the security research community's efforts to help keep our systems and services secure. This policy outlines how to report security vulnerabilities responsibly.

How to Report

If you discover a security vulnerability, please report it to us immediately:

Please include as much detail as possible, including:

• Description of the vulnerability
• Steps to reproduce the issue
• Potential impact
• Suggested remediation (if any)

What We Promise

• We will acknowledge receipt of your report within 48 hours
• We will provide regular updates on the status of the vulnerability
• We will work with you to understand and resolve the issue
• We will credit you for your responsible disclosure (if you wish)
• We will not take legal action against security researchers who act in good faith

What We Ask

To ensure a responsible disclosure process, we ask that you:

• Give us reasonable time to fix the issue before public disclosure
• Do not access or modify data that does not belong to you
• Do not disrupt our services or systems
• Do not violate any laws or breach any agreements
• Keep the vulnerability details confidential until we have addressed it
• Act in good faith and avoid any destructive or malicious activities

Out of Scope

The following activities are out of scope for our responsible disclosure program:

• Social engineering or phishing attacks
• Physical security attacks
• Denial of service attacks
• Spam or unsolicited messages
• Issues that require physical access to devices
• Vulnerabilities in third-party applications or services

Recognition

We appreciate the security research community's contributions. With your permission, we would like to recognize your responsible disclosure. We will not disclose your identity without your explicit consent.

Questions?

If you have any questions about this policy or the disclosure process, please contact us at security@reconis.ai.