Security

Vulnerability Disclosure

We take security seriously. If you've found a vulnerability in our systems, we'd like to hear from you — and we're committed to working with you to address it quickly.

In scope

• subsalt.ai and its subdomains
• Subsalt platform and APIs

Out of scope

• Social engineering or phishing attacks
• Denial-of-service attacks
• Vulnerabilities in third-party services we use
• Physical security

How to report

Email security@getsubsalt.com with a description of the vulnerability, steps to reproduce, and your assessment of potential impact. We'll acknowledge your report within 3 business days.

What to expect

We'll keep you informed as we investigate and resolve the issue. If you'd like credit for the finding, let us know — we're happy to acknowledge your contribution once a fix is in place.

Safe harbor

We won't pursue legal action against researchers who report vulnerabilities in good faith and follow this policy.