Responsible Disclosure Policy

Scope

This policy applies to all Adamic-operated services, including:

• adamic.io (marketing website)
• workspace.adamic.io (platform application)
• Associated APIs and infrastructure

Reporting a Vulnerability

If you believe you have discovered a security vulnerability in any Adamic service, please report it to us at [email protected].

Please include:

• A description of the vulnerability and its potential impact
• Steps to reproduce the issue
• Any relevant screenshots, logs, or proof-of-concept code
• Your preferred contact information for follow-up

Our Commitment

• Acknowledgement: We will acknowledge receipt of your report within 2 business days.
• Assessment: We will investigate and validate the reported vulnerability promptly.
• Communication: We will keep you informed of our progress toward resolving the issue.
• Resolution: We aim to remediate confirmed vulnerabilities in a timeframe appropriate to their severity.
• Recognition: With your permission, we will acknowledge your contribution in resolving the vulnerability.

Guidelines

We ask that security researchers:

• Act in good faith and avoid actions that could harm our users, systems, or data
• Do not access, modify, or delete data belonging to other users
• Do not perform denial-of-service attacks or degrade service availability
• Do not publicly disclose a vulnerability before we have had reasonable time to address it
• Comply with all applicable laws

Safe Harbor

We consider security research conducted in accordance with this policy to be authorized and will not pursue legal action against researchers who act in good faith and comply with these guidelines.

Out of Scope

The following are not in scope for this policy:

• Social engineering attacks against Adamic employees or contractors
• Physical security testing
• Denial-of-service testing
• Spam or phishing testing against Adamic users