Found a security issue with PureClarity? We appreciate security researchers who help keep our platform secure. This policy outlines how to test responsibly and report security issues.
While we don’t run a paid bug bounty program, we genuinely value researchers who help improve PureClarity’s security.
Legal Protection
Our Commitment
When you follow this policy, PureClarity promises:
- ✅ No legal action against you for security research
- ✅ Authorized research under applicable laws (CFAA, DMCA, etc.)
- ✅ Collaborative approach - we work with you, not against you
- ✅ Good faith treatment throughout the process

This policy provides legal safe harbor for responsible security research conducted within the specified guidelines.
Scope of Testing
✅ Approved Testing Targets
You may test:
- Any *.pureclarity.com domains and subdomains
- PureClarity APIs and endpoints
- Mobile applications developed by PureClarity
- JavaScript libraries (on your own test accounts only)
❌ Prohibited Activities
Please do not:
- Physical attacks on offices or personnel
- Access other customers’ data or accounts
- Denial of service attacks or service disruption
- Test on customer websites using PureClarity (only test on PureClarity infrastructure)
Responsible Testing Guidelines
Setting Up for Testing
- Create a test account
  - Sign up for a free PureClarity account
  - Clearly mark it as a test/research account
  - Use only test data and scenarios
- Scope limitation
  - Test only on your own account data
  - Don’t attempt to access other users’ information
  - Focus on security vulnerabilities, not privacy violations
- Testing methodology
  - Use manual testing methods when possible
  - Avoid automated tools that generate excessive traffic
  - Stop immediately if you encounter other users’ data
Reporting Security Issues
Contact Information
Email: support@pureclarity.com
Subject Line: “Security Issue: [Brief Description]”
Required Information
Include in your report:
Issue Details
- Clear description of the vulnerability
- Potential impact and risk assessment
- Classification (if known): OWASP category, CVE, etc.
- Step-by-step instructions to reproduce
- Screenshots or videos if helpful
- Specific URLs, parameters, or data involved
- Why this issue matters
- Potential attack scenarios
- Affected systems or users
- Your name (if you want public credit)
- Preferred contact method
- Any affiliation or organization
Clear, detailed reports help us understand and fix issues more quickly.
Response Process
Our Timeline
Initial Response: Within 5 business days
- Acknowledgment of receipt
- Initial assessment of the issue
- Confirmation of coverage under this policy
- Progress updates on investigation
- Timeline for potential fixes
- Any additional information needed
- We aim to resolve issues within 90 days
- Complex issues may require additional time
- We’ll keep you informed of any delays
Disclosure Timeline
We request 90 days before public disclosure, but we’re flexible based on the severity and circumstances of the issue.
- Work together on disclosure timeline
- Public credit if desired
- Coordinate any public announcements
Recognition and Thanks
How We Show Appreciation
While we can’t offer cash rewards, we provide:
🏆 Social Media Recognition
- Shoutout from our founders on social platforms
- Recognition of your contribution to security
- LinkedIn recommendation from our founders
- Professional reference for security work
- Recognition in security advisories (if desired)
- Credit in our security acknowledgments
Frequently Asked Questions
What types of issues are you looking for?
High-priority issues:
- Authentication bypasses
- SQL injection or other injection attacks
- Cross-site scripting (XSS)
- Access control vulnerabilities
- Data exposure issues
