Responsible disclosure policy
We take the security of our systems and user data seriously. If you believe you've discovered a security vulnerability, we appreciate your help in responsibly disclosing it to us.
Please email us at: security@braintrustdata.com
Include as much of the following information as possible:
- A description of the vulnerability
- Steps to reproduce the issue
- Any proof-of-concept code or screenshots (if applicable)
- The potential impact
- Your contact information
When you report a vulnerability responsibly, we commit to:
- Acknowledge receipt of your report within 5 business days
- Investigate and validate the issue promptly
- Remediate confirmed vulnerabilities in a timely manner per our policies
We ask that you:
- Do not publicly disclose the issue until we've had a reasonable opportunity to fix it
- Do not exploit the vulnerability beyond what is necessary to demonstrate it
- Do not access, modify, or delete data that does not belong to you
- Do not disrupt our services (e.g., through denial-of-service attacks)
- Act in good faith to avoid privacy violations, destruction of data, or interruption of service
We will not pursue legal action against researchers who:
- Follow this policy
- Report vulnerabilities in good faith
- Avoid privacy violations and service disruption
This policy applies to vulnerabilities in systems and services owned and operated by Braintrust.