Responsible Disclosure
Responsible disclosure.
Audact welcomes coordinated vulnerability disclosure from independent security researchers. If you believe you have found a security issue, please report it confidentially before public disclosure.
How to report
- Email security@audact.ai
- Encrypt with our PGP public key (available on request). Our security contact is published at
/.well-known/security.txt - Include a reproducible proof-of-concept, affected version / endpoint, and your contact details
Safe-harbour commitment
Audact will not pursue legal action against researchers who act in good faith, avoid privacy violations, do not exfiltrate customer data, and give us a reasonable time to remediate before public disclosure (target: 90 days, negotiable).
Bug-bounty programme
A monetary bug-bounty programme is scheduled for Q1 2027 launch, after SOC 2 Type II audit kick-off. Until then, qualifying reports receive named acknowledgement on the security hall-of-fame (with researcher consent).