Security disclosure
Last updated 2026-05-07
Reporting a vulnerability
Please report security vulnerabilities to security@logirootai.com. We acknowledge receipt within two business days. We treat good-faith research that follows the rules below as authorized access; we do not pursue legal action and welcome coordinated disclosure.
For sensitive reports, encrypt with our PGP key (below) before sending.
PGP key
Fingerprint:
3E07 9E5E F392 EE57 512C 6F22 1C76 8BAE 1A1E 81D7
Download public keyCoordinated disclosure timeline
- Day 0: Report received. Acknowledgement within two business days.
- Days 1–14: Triage and severity assessment. Researcher kept informed.
- Days 14–60: Mitigation deployed where applicable; advisory drafted in coordination with the reporter.
- Day 90: Public disclosure window. We aim to publish or coordinate disclosure no later than 90 days from initial report unless mutually extended.
Safe harbor for good-faith research
We will not pursue legal action against researchers who:
- Test only against accounts and infrastructure they own or have explicit permission to test
- Avoid privacy violations, destruction of data, and interruption of service
- Report vulnerabilities through the channel above and allow us reasonable time to respond before public disclosure
- Do not exfiltrate customer data; if a vulnerability provides access, demonstrate via a minimum proof-of-concept and stop
Out of scope
- Denial-of-service or volumetric testing of any kind
- Social engineering of LogiRoot staff or contractors
- Physical access testing of LogiRoot facilities
- Testing against customer-owned data without that customer's explicit written authorization
- Reports based solely on automated scanner output without demonstrated impact
For non-security issues, contact support@logirootai.com.