Security is core to how PRSM handles sensitive due-diligence data. If you believe you have found a vulnerability in our website or service, we want to hear from you.
This document is a starting template and must be reviewed by qualified security and legal stakeholders before it is relied upon.
How to report
Email [email protected] with:
- A clear description of the issue and where you found it.
- Steps to reproduce, and any proof-of-concept (please keep it minimal).
- Your assessment of the potential impact.
If you need to share sensitive details, ask us for a secure channel.
Our commitments
If you make a good-faith effort to follow this policy, we will:
- Acknowledge your report within [response window].
- Keep you updated on our progress toward a fix.
- Not pursue legal action against you for research conducted in line with this policy.
Please do
- Give us reasonable time to investigate and remediate before any public disclosure.
- Only interact with accounts you own or have explicit permission to test.
Please do not
- Access, modify, or exfiltrate data that is not yours.
- Degrade our service (no denial-of-service or spam testing).
- Use social engineering or physical attacks, or target our staff or clients.
Scope
In scope: this website and the PRSM application. Out of scope: third-party services we rely on (report those to the relevant provider), and findings that require already-compromised devices or unrealistic user interaction.
Recognition
We’re happy to credit researchers who report valid issues, with their permission. [Confirm whether a bounty is offered.]
Contact
Security reports: [email protected].