• Terms and Policies

    Comitium AI — Responsible Disclosure Policy

    Last Updated: 1/1/2025

    Comitium AI is committed to the security of our systems, users, and data.
    We value contributions from the security research community and encourage responsible reporting of vulnerabilities.

    If you believe you have discovered a security vulnerability in any Comitium AI product, service, website, or system, please report it to us following the guidelines below.

    ________________________________

    1. How to Report a Vulnerability

    Please send reports to:
    📧 security@comitiumai.com

    Include as much detail as possible:

    Description of the issue

    Steps to reproduce

    Potential impact

    Proof-of-concept code or screenshots (if available)

    Your contact information for follow-up

    We will acknowledge receipt within 72 hours.

    ________________________________

    2. What We Ask of You

    To protect users and systems, we request that you:

    2.1 Act in Good Faith

    Do not access, modify, or delete data that is not your own.

    Avoid disrupting services or degrading system performance.

    Do not exploit vulnerabilities beyond what is necessary to demonstrate the issue.

    2.2 Avoid High-Risk Activities

    Do not:

    Conduct social engineering attacks

    Use automated scanning tools that generate excessive traffic

    Attempt physical security breaches

    Access accounts without authorization

    Use discovered vulnerabilities for research beyond testing or for any personal gain

    2.3 Follow Coordinated Disclosure

    Give us reasonable time to investigate and remediate the issue before public disclosure.

    Do not publicly disclose the vulnerability without our written approval.

    ________________________________

    3. Our Commitment to You

    When you report a vulnerability responsibly, Comitium AI will:

    3.1 Respond Promptly

    We will acknowledge your report within 72 hours and keep you updated throughout the remediation process.

    3.2 Investigate Thoroughly

    Our security team will assess the issue, determine impact, and prioritize fixes.

    3.3 Not Pursue Legal Action

    If you follow this policy and act in good faith, we will not take legal action against you for your research.

    3.4 Credit

    With your permission, we may recognize your contribution on our website or in release notes.

    ________________________________

    4. Scope

    This policy applies to:

    comitiumai.com and subdomains

    Comitium AI applications, APIs, and cloud services

    Model endpoints and associated systems

    Out of scope:

    Third-party services or integrations

    Denial-of-service attacks

    Spam or social engineering reports

    Physical security or office infrastructure

    ________________________________

    5. Legal Safe Harbor

    Comitium AI supports standard safe harbor principles:

    If your security research is conducted:

    in accordance with this policy,

    in good faith, and

    without causing harm,

    Comitium AI will consider the activity authorized and will not pursue litigation or law enforcement referrals.

    This does not apply to actions that violate laws unrelated to security research (e.g., data theft, extortion).

    ________________________________

    6. Updates to This Policy

    We may update this Responsible Disclosure Policy from time to time.
    Material changes will be reflected on this page.

    ________________________________

    7. Contact

    For responsible disclosure submissions or security questions:

    Comitium AI Security Team
    security@comitiumai.com
    https://www.comitiumai.com
