Trust hub
Responsible disclosure
Security researchers get a clear reporting path and safe-harbor language.
Control surface
Responsible disclosure
Access
Role boundaries, MFA assumptions, and review ownership are explicit.
Policy
Terms, privacy, subprocessors, and incident notes stay linked.
Evidence
Changes, exceptions, and approvals are documented before release.
Buyer check
A procurement or legal reviewer can inspect the operating stance quickly.
Policy position
Scope, safe harbor, reporting, response SLA, hall of fame, and bounty roadmap.
This page is reviewed on a scheduled cadence. Enterprise clients can request supporting artifacts during procurement, onboarding, or renewal.
Operating controls
Controls are mapped to owner, cadence, artifact, escalation route, and client-facing evidence where applicable. We do not claim certification unless expressly stated in an accepted SOW.
- Owner assigned
- Last reviewed 2026-05-03
- Next review due 2026-08-03
- Evidence retained in the governance workspace