Responsible Disclosure Policy
Last updated 2026-03-25
Scope
This policy applies to security vulnerabilities found in inteli·one systems, including:
- inteli.one (landing site)
- app.inteli.one (application)
- API endpoints under these domains
How to report
Send your report to [email protected]. Please include:
- A clear description of the vulnerability
- Steps to reproduce the issue
- Your assessment of the potential impact
- Your contact information (optional)
Disclosure timeline
We follow a 90-day coordinated disclosure process:
- Acknowledgment within 48 hours of your report
- Initial triage completed within 7 days
- Fix delivered within 90 days of a verified, in-scope report
- We will notify you when the fix is deployed
Safe harbor
We consider good-faith security research a valuable contribution and will not pursue legal action against researchers who:
- Do not access or modify data belonging to other users
- Do not disrupt or degrade our services
- Do not publicly disclose findings before the 90-day coordinated disclosure period ends
- Report findings to [email protected] promptly
Recognition
We do not currently offer a bug bounty program. However, if you would like to be credited in a security advisory for your finding, let us know in your report and we will include your name or handle.
Out of scope
The following are out of scope for this policy:
- Social engineering attacks (phishing, pretexting)
- Denial of service (DoS) or distributed denial of service (DDoS) attacks
- Physical attacks against infrastructure
- Vulnerabilities in third-party services not under our direct control
- Spam or volume-based abuse
- Issues already known to us or previously reported
Contact
Send all vulnerability reports to: [email protected]