Legal · Responsible Disclosure

Responsible Disclosure Policy

Effective 3 June 2026 · Unclassified · Public

We welcome reports of security vulnerabilities in our website and services from the security research community, and we commit to handling them responsibly.

01Scope

This policy covers globenova.ai and our publicly accessible services. The following are out of scope: third-party services we do not control; social engineering of our people or vendors; physical attacks; volumetric denial-of-service testing; and anything that would access, alter, or destroy data belonging to others.

02How to report

Send reports to security@globenova.ai. Please include enough detail for us to reproduce the issue, an assessment of its impact, and how we can reach you. A PGP key for encrypted reports is available on request.

03What we ask of you

When researching, please:

act in good faith and avoid privacy violations, data destruction, and disruption of our services;
access only the minimum data needed to demonstrate the issue, and do not save, copy, or share it;
give us a reasonable opportunity to respond before disclosing the issue publicly;
comply with all applicable laws.

04Safe harbour

If you make a good-faith effort to comply with this policy during your research, we will consider your activity authorised, we will work with you to understand and resolve the issue quickly, and we will not pursue or support legal action against you for it. This authorisation does not extend to actions that violate the law, and we cannot waive rights held by third parties.

05Our commitment

We will acknowledge a report within a few business days, keep you informed as we investigate, remediate on a risk-prioritised basis, and credit reporters who wish to be named once an issue is resolved.

06Recognition

We do not currently operate a paid bug-bounty programme. We recognise and thank researchers who help us keep our customers safe.

07Contact

Security reports and questions: security@globenova.ai.