Responsible Disclosure Policy
Last updated: July 2026
1. Our Commitment
We take the security of our systems seriously and value the security community. If you believe you have found a security vulnerability in a GrowAppAI system, we encourage you to report it to us so we can address it responsibly.
2. How to Report
Please email your report to security@growappai.com. Do not disclose the issue publicly until we have had a reasonable opportunity to investigate and remediate it.
3. What to Include
To help us triage quickly, please include where possible:
- A clear description of the vulnerability and its potential impact.
- Steps to reproduce, including affected URLs or endpoints.
- Any proof-of-concept code, requests, or screenshots.
- The environment and configuration you tested against.
4. Good-Faith Safe Harbor
We will not pursue or support legal action against researchers who, in good faith, discover and report vulnerabilities in accordance with this policy, avoid privacy violations and service disruption, and do not access or modify data that is not their own. If in doubt, contact us before acting.
5. Out of Scope
The following activities are not authorized under this policy:
- Denial-of-service (DoS/DDoS) or volumetric/load testing.
- Social engineering of our staff, customers, or vendors.
- Spam, phishing, or physical attacks against facilities or people.
- Attempts to access, modify, or exfiltrate other users' or customers' data.
- Automated scanning that degrades service availability.
6. Our Response
We will acknowledge valid reports and work to remediate confirmed issues based on severity. We are a growing company and do not currently commit to a fixed response-time guarantee, but we make a genuine effort to respond promptly and keep reporters informed.
7. Contact
Security contact: security@growappai.com.