Responsible disclosure

How to report

Email security@titantrustee.com with:

• A clear description of the vulnerability and impact
• Steps to reproduce (proof-of-concept if available)
• Affected URLs, endpoints, or components
• Your contact details for follow-up

What to expect

• Acknowledgement within 2 business days
• Status update within 10 business days
• Coordinated disclosure — typical timeline 90 days
• No legal action for good-faith research that follows this policy

Out of scope

• Social engineering or phishing against employees
• Denial-of-service attacks
• Physical security issues
• Issues in third-party services outside our control

Safe harbour

We will not pursue legal action against researchers who act in good faith, avoid privacy violations and data destruction, and give us reasonable time to fix issues before public disclosure.