LogiRootLogiRootAI Governance Platform

Security disclosure

Last updated 2026-05-07

Reporting a vulnerability

Please report security vulnerabilities to security@logirootai.com. We acknowledge receipt within two business days. We treat good-faith research that follows the rules below as authorized access; we do not pursue legal action and welcome coordinated disclosure.

For sensitive reports, encrypt with our PGP key (below) before sending.

PGP key

Fingerprint:

3E07 9E5E F392 EE57 512C 6F22 1C76 8BAE 1A1E 81D7

Download public key

Coordinated disclosure timeline

  • Day 0: Report received. Acknowledgement within two business days.
  • Days 1–14: Triage and severity assessment. Researcher kept informed.
  • Days 14–60: Mitigation deployed where applicable; advisory drafted in coordination with the reporter.
  • Day 90: Public disclosure window. We aim to publish or coordinate disclosure no later than 90 days from initial report unless mutually extended.

Safe harbor for good-faith research

We will not pursue legal action against researchers who:

  • Test only against accounts and infrastructure they own or have explicit permission to test
  • Avoid privacy violations, destruction of data, and interruption of service
  • Report vulnerabilities through the channel above and allow us reasonable time to respond before public disclosure
  • Do not exfiltrate customer data; if a vulnerability provides access, demonstrate via a minimum proof-of-concept and stop

Out of scope

  • Denial-of-service or volumetric testing of any kind
  • Social engineering of LogiRoot staff or contractors
  • Physical access testing of LogiRoot facilities
  • Testing against customer-owned data without that customer's explicit written authorization
  • Reports based solely on automated scanner output without demonstrated impact

For non-security issues, contact support@logirootai.com.