Skip to content
Security

Vulnerability Disclosure Policy

Scope

This policy applies to all Tegendo.AI services, including the web application (app.tegendo.ai), marketing site (www.tegendo.ai), API endpoints, and associated infrastructure.

How to report

Send your report to security@tegendo.ai. Include a detailed description of the vulnerability, steps to reproduce, and potential impact. Use our PGP key for sensitive reports (available upon request).

Our commitments

  • Acknowledge receipt within 48 hours
  • Provide an initial assessment within 5 business days
  • Keep you informed of our progress
  • Not pursue legal action against good-faith researchers
  • Credit researchers (with permission) in our security advisories

Out of scope

  • Social engineering attacks against employees
  • Denial of service attacks
  • Physical security testing
  • Third-party services and applications