Legal
Security Vulnerability Disclosure Policy
Effective date: April 23, 2026 · Version 0.1
ErgoTax welcomes responsible reports of suspected security vulnerabilities affecting ergotax.app or related ErgoTax systems.
1. Reporting
Please report suspected vulnerabilities to security@ergotax.app with enough detail to help us reproduce and understand the issue.
2. Good-faith expectations
Please act in good faith, avoid privacy violations, avoid destructive testing, and do not access or attempt to access data that does not belong to you.
3. Response
ErgoTax will make reasonable efforts to:
- Acknowledge receipt of reports
- Investigate credible reports
- Prioritize remediation based on severity and risk
4. Scope
This Policy applies to security issues involving ErgoTax systems and services. It does not authorize testing that is unlawful, harmful, or disruptive.
5. No bounty commitment
Unless ErgoTax announces otherwise, submission of a report does not create an entitlement to payment or reward.
6. Contact
Security reports should be sent to security@ergotax.app.