Security Page (High-Level Security + Vulnerability Reporting)

Security at Piscys

Piscys is building infrastructure for high-stakes AI governance and assurance. We take security seriously and aim to follow industry-standard practices appropriate to our stage and risk profile.

1) Security Contact

For security-related inquiries, please contact:

Email: info@piscys.ai

2) Responsible Disclosure / Vulnerability Reporting

We welcome reports from security researchers and users. If you believe you’ve found a vulnerability, please email info@piscys.ai with:

  • a clear description of the issue and potential impact;
  • steps to reproduce (proof-of-concept where appropriate);
  • affected URLs, endpoints, or components;
  • your contact information for follow-up.

Our commitments

  • We will acknowledge receipt within [e.g., 5 business days].
  • We will work to validate and remediate issues in a timeframe appropriate to severity and operational constraints.
  • We will coordinate on public disclosure timing where feasible.

Your commitments

  • Do not exploit the vulnerability beyond what is necessary to demonstrate it.
  • Do not access or modify data that does not belong to you.
  • Do not disrupt services (e.g., denial-of-service testing) without explicit written permission.
  • Provide us a reasonable opportunity to remediate before public disclosure.

3) Safe Harbor (Good-Faith Research)

If you act in good faith and follow the guidelines above, Piscys will not pursue legal action for your security research. This safe harbor does not apply to:

  • extortion, ransom demands, or threats;
  • intentional data destruction or service disruption;
  • social engineering of employees/contractors/users;
  • physical attacks or unauthorized access to facilities.

4) Bug Bounty

Piscys does not currently operate a public bug bounty program. If we introduce one, we will publish program terms and scope here.

5) Security Notifications

If we identify a material security issue affecting users, we may post updates and/or notify impacted parties consistent with contractual and legal requirements.
