Responsible disclosure

1. Scope

This policy applies to security vulnerabilities found in the Univerx platform, including our web application, APIs, and related infrastructure. Third-party services and integrations are out of scope.

2. Guidelines

We ask that you follow these guidelines when researching and reporting vulnerabilities:

• Act in good faith and avoid actions that could harm Univerx, our customers, or our data
• Do not access, modify, or delete data belonging to other users
• Do not perform denial-of-service attacks or degrade the availability of our services
• Do not publicly disclose the vulnerability before we have had a reasonable opportunity to address it
• Only test against accounts you own or have explicit permission to test

3. How to report

Please send your findings to security@univerx.ai. Include as much detail as possible:

• A clear description of the vulnerability
• Steps to reproduce the issue
• The potential impact of the vulnerability
• Any supporting evidence such as screenshots or proof-of-concept code

4. What to expect

After you submit a report, here is what you can expect from us:

• Acknowledgment of your report within 48 hours
• Regular status updates as we investigate and address the issue
• Credit in our hall of thanks, if you wish (we will ask before publishing your name)

5. Safe harbor

If you conduct security research in accordance with this policy, we consider your research to be authorized and will not pursue legal action against you. We ask that you make a good-faith effort to avoid privacy violations, data destruction, and service disruption.

6. Rewards

We do not currently offer monetary rewards for vulnerability reports. We are a small team and are not yet in a position to fund a bug bounty program. That said, we genuinely value every contribution. Your efforts make Univerx safer for everyone, and we are happy to publicly credit researchers who help us.

7. Contact

For any questions about this policy or to report a vulnerability, reach out to us at: