Responsible Disclosure Policy
We take security seriously. If you discover a vulnerability in Cerebion products or infrastructure, please report it responsibly.
How to Report
Email support@cerebion.com with:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Your contact information (optional)
Our Commitment
- We will acknowledge your report within 2 business days
- We will investigate and provide updates within 10 business days
- We will not take legal action against good-faith researchers
- We will credit you in our release notes (if desired)
Scope
In scope: cerebion.com, license.cerebion.com, Cerebion Rivet desktop application.
Out of scope: Third-party services (Stripe, AWS), social engineering attacks.