Retain Saas TrueML Products - Logo
Pricing
Demo
Retain Saas TrueML Products - Logo

Responsible Disclosure Policy

At TrueML, the security of our infrastructure is a top priority. We recognize the vital role that independent security researchers play in keeping the digital ecosystem safe. This policy outlines our commitment to coordinating with the security community and provides a “Safe Harbor” for researchers acting in good faith.

1. Reporting a Vulnerability

If you believe you have discovered a potential security vulnerability in a TrueML product or our infrastructure, please submit a report to [email protected].

Your report should include:

  • A detailed description of the vulnerability and its potential impact.
  • Step-by-step instructions (or a Proof of Concept script) to reproduce the issue.
  • The specific URL, IP address, or endpoint affected.
  • Your contact information for follow-up communications.

2. Our Commitment

If you follow this policy, we will:

  • Acknowledge receipt of your report within 3 business days.
  • Work to validate and remediate the issue in a timely manner.
  • Maintain open communication regarding the status of your report.
  • Not pursue legal action against you, provided you adhere to the guidelines below.

3. Guidelines and Restrictions

To remain in compliance with this policy and qualify for Safe Harbor, you must:

  • Avoid Privacy Violations: Do not access, modify, or delete data belonging to TrueML Products clients or their consumers.
  • No Service Disruption: Do not perform Denial of Service (DoS/DDoS) attacks or use automated scanners that may impact system performance.
  • Confidentiality: Do not disclose vulnerability details to third parties or the public until TrueML has addressed the issue and provided explicit written consent.
  • Legality: Abide by all applicable laws, including the Computer Fraud and Abuse Act (CFAA) and state equivalents.

4. Safe Harbor

TrueML considers security research conducted under this policy to be “authorized” access under relevant anti-hacking laws. We will not initiate legal action against researchers for accidental, good-faith violations of this policy, provided they immediately cease activity and notify us upon discovery of a sensitive data exposure.