Skip to main content
Security · Disclosure

Vulnerability Disclosure

If you find a flaw in our platform, we want to hear from you — and we promise safe harbor for good-faith research.

Last updated · April 2026

Our Commitment

OceanAtlasX is committed to the security of our platform and our users' data. We welcome and encourage responsible disclosure of security vulnerabilities. If you believe you have found a vulnerability, we want to hear from you.

Scope

This policy applies to public-facing web applications at oceanatlasx.com and its subdomains.

How to Report

Please email your findings to security@oceanatlasx.com. In your report, please include:

  • A detailed description of the vulnerability
  • Steps to reproduce the issue
  • The potential impact or severity of the vulnerability

What We Ask

  • Give us reasonable time (90 days) to address the vulnerability before any public disclosure
  • Do not access, modify, or delete other users’ data
  • Do not perform destructive testing (e.g., denial of service, data destruction)
  • Make a good faith effort to avoid privacy violations and disruption to others

Safe Harbor

Recognition

We maintain a hall of fame for security researchers who responsibly report valid vulnerabilities. Inclusion in the hall of fame is at our discretion and based on the severity and impact of the reported issue.

Out of Scope

The following are considered out of scope for this policy:

  • Social engineering attacks (e.g., phishing, pretexting)
  • Physical attacks against our offices or data centers
  • Denial of service (DoS/DDoS) attacks
  • Vulnerabilities in third-party services or applications

Response Time

We will acknowledge receipt of your vulnerability report within 3 business days. We will work to validate and address reported vulnerabilities as quickly as possible and will keep you informed of our progress.