Responsible Disclosure Policy
Private Identity LLC is committed to protecting the security, privacy, and trust of our customers, partners, and users.
We recognize the value of the security research community and encourage the responsible reporting of security vulnerabilities.
This Responsible Disclosure Policy outlines how to report security issues and what you can expect from us in return.
1. Scope
This policy applies to security vulnerabilities discovered in systems, applications, APIs, SDKs, and services that are owned or operated by Private Identity LLC.
This policy does not permit:
– Denial-of-service attacks or service disruption
– Social engineering, phishing, or physical security testing
– Access to customer data or accounts you do not own
– Testing against third-party systems not controlled by Private Identity
2. Safe Harbor
Private Identity considers security research conducted in good faith and in accordance with this policy to be authorized.
If you comply with this policy, we will not pursue legal action or report your activities to law enforcement.
3. How to Report a Vulnerability
Please report security vulnerabilities as soon as possible by emailing:
security@privateid.com
Include:
– A clear description of the issue
– Affected systems or endpoints
– Steps to reproduce
– Proof-of-concept (if applicable)
– Potential security impact
Encrypted submissions are welcome.
4. Researcher Guidelines
We ask that you:
– Use only accounts or data you own or are authorized to use
– Access the minimum data necessary to validate the issue
– Stop testing and report immediately if sensitive data is encountered
– Avoid exploiting vulnerabilities beyond proof-of-concept
– Refrain from publicly disclosing the issue before remediation or written approval
5. Our Commitment
When you report a vulnerability, Private Identity will:
– Acknowledge your report promptly
– Assess and validate the issue
– Prioritize remediation based on risk
– Communicate as appropriate throughout the process
6. Disclosure
We support coordinated disclosure and ask that you refrain from public disclosure until the issue has been resolved or a mutually agreed timeline is established.
7. Bug Bounty
Private Identity does not currently operate a bug bounty program. Submission of vulnerabilities does not guarantee compensation.
8. Updates
This policy may be updated periodically to reflect changes in our security practices or the threat landscape.