Security: cdanto/ComplianceAI-Hub

Security Policy

Reporting a Vulnerability

Objective

The objective of this policy is to provide a clear and secure process for reporting vulnerabilities discovered in the Compliance GPT Agents.

Policy

We encourage the responsible reporting of any security vulnerabilities found in the Compliance GPT Agents. Timely reporting ensures prompt action to rectify the issue, maintaining the security and integrity of our service.

Procedure

  1. Identification: If you identify a potential vulnerability, document the specific conditions under which it occurs, including the time, nature of the issue, and any relevant details aiding in its resolution.

  2. Confidential Reporting: Report vulnerabilities using our secure Vulnerability Reporting Form. Please refrain from disclosing vulnerability details publicly or to unauthorized parties to prevent potential malicious exploitation.

  3. Information Required:

    • Your contact information for follow-up.
    • A comprehensive description of the vulnerability.
    • Steps to reproduce the issue, if applicable.
    • Any additional information or screenshots that could assist in the resolution process.

  4. Response: Our security team will promptly investigate the issue upon receiving your report. We may reach out to you for additional information if needed.

  5. Confidentiality: We treat all reports with strict confidentiality. Your personal details and the specifics of the vulnerability will be securely managed to safeguard your privacy and our system's security.

  6. Acknowledgment and Updates: We will acknowledge receipt of your report within 24 hours. You will receive updates on our progress in addressing the vulnerability.

  7. Resolution and Disclosure: After resolving the vulnerability, we may, at our discretion, publicly acknowledge your contribution unless you request anonymity.

Contact Information

For any inquiries or further information regarding this policy, please contact cdanol.
