Vulnerability Disclosure Policy

Last Updated: January 14, 2025

At Postscript, we prioritize the security of our platform and the data entrusted to us. We encourage the responsible disclosure of any vulnerabilities discovered in our systems.

Postscript is committed to maintaining the security and integrity of its Platform Services. If you discover a security vulnerability in the Platform Services, you must promptly report it to Postscript by emailing security@postscript.io. Your report should include a detailed description of the vulnerability, reproduction steps, and any supporting evidence to assist Postscript in its investigation.

Postscript will acknowledge receipt of your vulnerability report within 24 hours and will investigate the issue promptly. Postscript reserves the right to determine the validity of the reported vulnerability and the appropriate course of action for remediation.

When reporting a vulnerability, you agree to act in accordance with the following guidelines:

• Do not access, modify, or delete any data that does not belong to you.

• Avoid any activity that could disrupt the availability of the Platform Services.

• Do not publicly disclose the vulnerability or share details with any third party until Postscript has had adequate time to investigate and address the issue.

You are strictly prohibited from engaging in any activity that violates applicable laws, compromises user data, or disrupts the Platform Services during your research or reporting of a vulnerability.

By reporting a vulnerability, you acknowledge that Postscript is not obligated to provide any compensation, financial or otherwise, for your report.

Postscript reserves the right to modify this process at any time and to determine how reported vulnerabilities are handled.