Responsible Disclosure

Purpose

RavenAlliance welcomes reports from security researchers and customers who identify potential vulnerabilities in our software, services, or web properties.

Responsible reporting helps us protect customer workflows and data.

How to Report

• Send your report to contact@ravenalliance.tech.
• Use the subject line: Security Disclosure - [short issue summary].
• Provide clear reproduction steps and expected versus observed behavior.
• Include impact details and any proof-of-concept data that is safe to share.

contact@ravenalliance.tech

In Scope

• RavenAlliance public website pages and legal pages.
• RavenAlliance-hosted software products and account workflows.
• Public APIs and service endpoints owned by RavenAlliance.
• Authentication, authorization, and session management concerns.

Out of Scope

• Social engineering, phishing, or physical security tests.
• Denial-of-service (DoS or DDoS) activity.
• Testing against third-party systems not owned by RavenAlliance.
• Automated scanning that causes service instability.

Researcher Expectations

• Avoid privacy violations, data destruction, and service interruptions.
• Do not publicly disclose a vulnerability before coordinated remediation.
• Only test accounts and data that you own or are authorized to assess.
• Act in good faith and provide reasonable time for investigation and remediation.

Our Commitment

For general business or service questions, use the RavenAlliance contact form.

• We acknowledge valid reports as quickly as possible.
• We communicate progress and remediation status when appropriate.
• We prioritize fixes based on severity, exploitability, and customer impact.