Atlacis

Responsible Disclosure / Vulnerability Reporting

Version
v1.0
Last Updated
March 3, 2026
Owner
Atlacis Legal & Accounting Counsel (internal)
Company
ATLACIS SOFTWARE TECHNOLOGIES LLC

1111 Lincoln Rd, Suite 500, Miami Beach, FL 33139, USA

ATLACIS SOFTWARE TECHNOLOGIES LLC takes the security of its platform and customers seriously. We value the work of independent security researchers and welcome responsible disclosure of vulnerabilities.

1. Scope

This policy applies to vulnerabilities discovered in the Atlacis platform, website, APIs, and related infrastructure. The following are out of scope:

  • Third-party services or applications not operated by Atlacis.
  • Social engineering attacks against Atlacis employees or customers.
  • Physical security vulnerabilities.
  • Denial of service (DoS/DDoS) testing.
  • Automated scanning without prior written authorization.

2. How to Report

If you believe you have discovered a security vulnerability, please report it to:

security@atlacis.com

Please include the following in your report:

  • Description of the vulnerability and its potential impact.
  • Steps to reproduce the issue.
  • Any proof-of-concept code or screenshots.
  • Your contact information for follow-up (optional but appreciated).

3. Our Commitment

When you report a vulnerability in good faith, Atlacis will:

  • Acknowledge receipt of your report within two (2) business days.
  • Provide an initial assessment within five (5) business days.
  • Keep you informed of the remediation progress.
  • Not take legal action against you for research conducted in compliance with this policy.
  • Credit you in any public disclosure (if you wish) once the vulnerability is resolved.

4. Your Responsibilities

When conducting security research, you agree to:

  • Act in good faith and avoid actions that could harm Atlacis, its customers, or the integrity of the Service.
  • Not access, modify, or delete data that does not belong to you.
  • Not disclose the vulnerability publicly until Atlacis has had a reasonable opportunity to address it (minimum 90 days from report date, or as mutually agreed).
  • Not use the vulnerability for personal gain or to extort Atlacis.
  • Comply with all applicable laws during your research.

5. Safe Harbor

Atlacis considers security research conducted in accordance with this policy to be authorized conduct. We will not pursue legal action against researchers who discover and report vulnerabilities in good faith and in compliance with this policy. This safe harbor does not extend to activities that violate applicable laws or cause harm to Atlacis or its customers.

6. Recognition

Atlacis does not currently operate a paid bug bounty program. We do offer public acknowledgment (with your permission) for valid vulnerability reports that lead to a security improvement.

Contact

Vulnerability reports only: security@atlacis.com