Vulnerability disclosure¶
AccuPredix welcomes responsible reports from security researchers and customers.
How to report¶
Email security@accupredix.com with:
- Clear description of the issue
- Steps to reproduce
- Impact assessment (confidentiality, integrity, availability)
- Supporting logs or screenshots if helpful
Please do not access, modify, or delete data belonging to other tenants.
Our process¶
| Step | Timeline |
|---|---|
| Acknowledge | Within 48 business hours |
| Triage | Severity assigned; critical customer-data issues same-day when possible |
| Fix & disclose | Patch deployed; coordinated disclosure after fix; credit if desired |
Scope¶
In scope
- accupredix.com and subdomains
- AccuPredix web application and API
- Official PWA clients
Out of scope
- Social engineering
- Physical attacks
- Third-party services you do not own (Shopify, Stripe, etc.)
- Denial-of-service against shared infrastructure without prior agreement
Safe harbour¶
We will not pursue legal action against researchers who:
- Follow this policy
- Avoid privacy violations and data exfiltration beyond proof-of-concept
- Give us reasonable time to remediate before public disclosure
Machine-readable¶
https://app.accupredix.com/.well-known/security.txt
Contact¶
security@accupredix.com