Vulnerability Disclosure Policy

PureTensor Inc values the security community and believes that responsible disclosure of security vulnerabilities helps us ensure the security and privacy of all our users.

Scope

In Scope: puretensor.ai and all subdomains, pureclaw.ai, nesdia.com, PureClaw GitHub repositories, and any PureTensor-owned public infrastructure.

Out of Scope: Third-party services, physical security testing, social engineering, denial of service attacks, and automated scanning that degrades availability.

Reporting a Vulnerability

Contact: [email protected] (or [email protected] with "Security Vulnerability Report" in the subject line).

Include: a clear description of the vulnerability, step-by-step reproduction instructions, affected URLs or components, severity assessment, and your contact information.

What We Promise

We will acknowledge receipt within 3 business days, provide an initial assessment within 10 business days, keep you informed every 14 days, resolve critical vulnerabilities within 30 days and others within 90 days, and not pursue legal action against researchers who comply with this policy.

Safe Harbor

Security research conducted consistent with this policy is considered authorized under the CFAA, DMCA, and exempt from Terms of Service restrictions. We will not initiate legal action against compliant researchers.

Researcher Obligations

Act in good faith. Minimize harm. Do not exfiltrate data. Maintain confidentiality for 90 days. Do not demand payment. Only test in-scope systems. Notify us of unintended impacts.

Qualifying Vulnerabilities

XSS, CSRF, SSRF, SQL injection, authentication flaws, sensitive data exposure, RCE, IDOR, security misconfigurations, path traversal, and broken cryptography.

Contact

PureTensor Inc, State of Delaware, United States. Email: [email protected]