Found a security issue with PureClarity? We appreciate security researchers who help keep our platform secure. This policy outlines how to test responsibly and report security issues.
While we don’t run a paid bug bounty program, we genuinely value researchers who help improve PureClarity’s security.

Our Commitment

When you follow this policy, PureClarity promises:
  • ✅ No legal action against you for security research
  • ✅ Authorized research under applicable laws (CFAA, DMCA, etc.)
  • ✅ Collaborative approach - we work with you, not against you
  • ✅ Good faith treatment throughout the process
This policy provides legal safe harbor for responsible security research conducted within the specified guidelines.

Scope of Testing

✅ Approved Testing Targets

You may test:
  • Any *.pureclarity.com domains and subdomains
  • PureClarity APIs and endpoints
  • Mobile applications developed by PureClarity
  • JavaScript libraries (on your own test accounts only)

❌ Prohibited Activities

Please do not:
  • Carry out physical attacks on offices or personnel
  • Access other customers’ data or accounts
  • Launch denial of service attacks or disrupt service
  • Test on customer websites using PureClarity (only test on PureClarity infrastructure)
Testing outside these guidelines may result in legal action and is not covered by this disclosure policy.

Responsible Testing Guidelines

Setting Up for Testing

  1. Create a test account
    • Sign up for a free PureClarity account
    • Clearly mark it as a test/research account
    • Use only test data and scenarios
  2. Scope limitation
    • Test only on your own account data
    • Don’t attempt to access other users’ information
    • Focus on security vulnerabilities, not privacy violations
  3. Testing methodology
    • Use manual testing methods when possible
    • Avoid automated tools that generate excessive traffic
    • Stop immediately if you encounter other users’ data
Quality over quantity - focus on meaningful security issues rather than running comprehensive automated scans.

Reporting Security Issues

Contact Information

Email: support@pureclarity.com
Subject Line: “Security Issue: [Brief Description]”

Required Information

Include in your report:
Issue Details
  • Clear description of the vulnerability
  • Potential impact and risk assessment
  • Classification (if known): OWASP category, CVE, etc.
Reproduction Steps
  • Step-by-step instructions to reproduce
  • Screenshots or videos if helpful
  • Specific URLs, parameters, or data involved
Context and Impact
  • Why this issue matters
  • Potential attack scenarios
  • Affected systems or users
Attribution
  • Your name (if you want public credit)
  • Preferred contact method
  • Any affiliation or organization
Clear, detailed reports help us understand and fix issues more quickly.

Response Process

Our Timeline

Initial Response: Within 5 business days
  • Acknowledgment of receipt
  • Initial assessment of the issue
  • Confirmation of coverage under this policy
Regular Updates: Throughout the process
  • Progress updates on investigation
  • Timeline for potential fixes
  • Any additional information needed
Resolution Timeline: Target 90 days
  • We aim to resolve issues within 90 days
  • Complex issues may require additional time
  • We’ll keep you informed of any delays

Disclosure Timeline

We request 90 days before public disclosure, but we’re flexible based on the severity and circumstances of the issue.
Coordinated disclosure:
  • Work together on disclosure timeline
  • Public credit if desired
  • Coordinate any public announcements

Recognition and Thanks

How We Show Appreciation

While we can’t offer cash rewards, we provide:
🏆 Social Media Recognition
  • Shoutout from our founders on social platforms
  • Recognition of your contribution to security
💼 Professional Recognition
  • LinkedIn recommendation from our founders
  • Professional reference for security work
📝 Public Credit
  • Recognition in security advisories (if desired)
  • Credit in our security acknowledgments
Every security report helps us build a better, more secure product for all our customers.

Frequently Asked Questions

What types of issues are you looking for?

High-priority issues:
  • Authentication bypasses
  • SQL injection or other injection attacks
  • Cross-site scripting (XSS)
  • Access control vulnerabilities
  • Data exposure issues

What if I’m not sure if something is a security issue?

When in doubt, report it! We’d rather investigate a non-issue than miss a real vulnerability.

Can I test integrations with other platforms?

Only test PureClarity’s components and infrastructure. Don’t test third-party platforms or customer websites.

How do I get help with testing?

Email support@pureclarity.com with questions about this policy or testing guidelines.

Policy Updates

This policy may be updated periodically. Check back for the latest version before conducting security research.
Last updated: June 2025

Contact Us

Questions about this policy? Just email support@pureclarity.com - we’re friendly and happy to help! Thanks for helping keep PureClarity secure! 🔒