Responsible Disclosure

If you have discovered a potential security issue, please email us at security@getalembic.com with the following details:

• A clear description of the vulnerability
• The affected product, service, or system
• Steps to reproduce the issue, including any screenshots
• Your contact information (optional, should you wish to receive follow-up)

We ask that you:

• Avoid accessing, modifying, or deleting data that does not belong to you
• Do not perform actions that may degrade our service or impact other users
• Give us a reasonable amount of time to investigate and remediate the issue before disclosing it publicly

Upon receiving your report, Alembic Technologies commits to:

• Acknowledging your submission within 5 business days
• Investigating and validating the reported vulnerability
• Keeping you informed of our progress and any remediation timelines (if you’ve provided contact details)
• Crediting you for your responsible disclosure if we resolve the issue and you would like recognition

We will not pursue legal action against individuals who:

• Engage in good faith, consistent with this policy
• Report vulnerabilities through our designated reporting channels
• Avoid harming Alembic or its users, and respect privacy and data security

Any activities conducted in a manner consistent with this policy will be considered authorized conduct, and we will work with you to ensure that any interactions are constructive and mutually beneficial.

This policy applies to vulnerabilities in:

• Alembic’s publicly accessible services and APIs
• Alembic’s client applications and web properties

If you’re unsure whether a system is in scope, please contact us at security@getalembic.com before engaging in testing.

Thank you for helping keep Alembic Technologies secure.

Alembic Technologies reserves the right to update this policy at any time.