Responsible Disclosure Policy

Our Commitment

SecodX is committed to working with security researchers to identify and resolve security vulnerabilities. We appreciate responsible disclosure and will work with you to validate and address any findings.

Scope

In-scope: secodx.com, demo.secodx.com, SecodX application platform, and related infrastructure. Out-of-scope: Denial of service attacks, social engineering, physical attacks.

Process

• Report vulnerabilities to security@secodx.com
• Include a clear description, steps to reproduce, and potential impact
• We will acknowledge receipt within 2 business days
• We will keep you informed of our progress
• We ask that you allow us reasonable time to remediate before public disclosure

Safe Harbour

We will not pursue legal action against researchers who follow this policy in good faith. We ask that you do not access, modify, or delete user data, and that you do not disrupt service availability.