Security Policy

Last updated: January 1, 2026 · Resilient Privacy Inc.

🔐 Found a security vulnerability? Please report it responsibly to security@resilientprivacy.com. We are committed to working with security researchers to resolve issues quickly.

1. Our Commitment to Security

Resilient Privacy Inc. takes the security of CyberIntel™ and the data we handle seriously. We employ industry-standard security practices in our platform design and actively welcome responsible disclosure of security vulnerabilities from the security community.

2. Responsible Disclosure Program

We operate a responsible disclosure (coordinated vulnerability disclosure) program. If you discover a security vulnerability in CyberIntel, we ask that you:

  • Report it to us privately before public disclosure
  • Give us reasonable time (90 days) to investigate and remediate
  • Not exploit the vulnerability beyond what is necessary to demonstrate it
  • Not access, modify, or delete data belonging to other users
  • Not perform denial-of-service attacks or social engineering
  • Not violate applicable laws in your research

3. How to Report

Send your vulnerability report to:

Please include in your report:

  • Type of vulnerability (e.g., XSS, SSRF, SQLi, authentication bypass)
  • Steps to reproduce the issue
  • Potential impact assessment
  • Any proof-of-concept code or screenshots (redacted as appropriate)
  • Your contact information for follow-up

4. Scope

In Scope

  • CyberIntel web application (cyberintel.resilientprivacy.com)
  • CyberIntel API endpoints (/api/*)
  • Authentication and authorization mechanisms
  • Server-side request forgery (SSRF) vulnerabilities
  • Injection vulnerabilities (SQL, command, etc.)
  • Information disclosure vulnerabilities
  • Cross-site scripting (XSS) and CSRF vulnerabilities

Out of Scope

  • Third-party services and APIs we rely upon (AbuseIPDB, urlscan.io, etc.)
  • Denial of service attacks
  • Physical attacks against our infrastructure
  • Social engineering of Resilient Privacy Inc. staff
  • Clickjacking on pages with no sensitive functionality
  • Missing security headers with no exploitable impact
  • Rate limiting on non-security-critical endpoints

5. Safe Harbor

We consider good-faith security research under this policy to be:

  • Authorized and will not initiate legal action against researchers who follow these guidelines
  • Exempt from restrictions in our Terms of Use that would otherwise prohibit security testing

We will not pursue legal action against you for good-faith research conducted under this policy. We ask that you contact us before testing to establish clear scope boundaries.

6. Response SLA

  • Acknowledgement: Within 2 business days of receipt
  • Initial assessment: Within 7 business days
  • Status update: Every 14 days during investigation
  • Remediation target: Within 90 days for critical/high severity; 180 days for medium/low
  • Public disclosure: Coordinated with researcher after remediation

7. Recognition

We appreciate the work of security researchers. Researchers who responsibly disclose valid vulnerabilities will be acknowledged in our Security Hall of Fame (with their permission). We do not currently offer monetary bug bounties, but we do offer public recognition and our sincere gratitude.

8. Platform Security Measures

CyberIntel employs the following security controls:

  • HTTPS/TLS encryption for all traffic
  • Content Security Policy (CSP) headers
  • Rate limiting on all API endpoints
  • Input validation and sanitization
  • Parameterized queries for all database operations
  • Server-side API key storage (keys never exposed to browser)
  • Helmet.js security headers (X-Frame-Options, HSTS, etc.)
  • Request size limits to prevent payload attacks

9. Contact

Security team: security@resilientprivacy.com
General inquiries: info@resilientprivacy.com
Resilient Privacy Inc.