Skip to main content

Responsible Disclosure

Responsible disclosure.

Audact welcomes coordinated vulnerability disclosure from independent security researchers. If you believe you have found a security issue, please report it confidentially before public disclosure.

How to report

  • Email security@audact.ai
  • Encrypt with our PGP public key (available on request). Our security contact is published at /.well-known/security.txt
  • Include a reproducible proof-of-concept, affected version / endpoint, and your contact details
security@audact.ai 48-hour acknowledgement PGP key — publishing Q3 2026

Safe-harbour commitment

Audact will not pursue legal action against researchers who act in good faith, avoid privacy violations, do not exfiltrate customer data, and give us a reasonable time to remediate before public disclosure (target: 90 days, negotiable).

Bug-bounty programme

A monetary bug-bounty programme is scheduled for Q1 2027 launch, after SOC 2 Type II audit kick-off. Until then, qualifying reports receive named acknowledgement on the security hall-of-fame (with researcher consent).