Our Commitment

OceanAtlasX is committed to the security of our platform and our users' data. We welcome and encourage responsible disclosure of security vulnerabilities. If you believe you have found a vulnerability, we want to hear from you.

Scope

This policy applies to public-facing web applications at oceanatlasx.com and its subdomains.

How to Report

Please email your findings to security@oceanatlasx.com. In your report, please include:

A detailed description of the vulnerability
Steps to reproduce the issue
The potential impact or severity of the vulnerability

What We Ask

Give us reasonable time (90 days) to address the vulnerability before any public disclosure
Do not access, modify, or delete other users' data
Do not perform destructive testing (e.g., denial of service, data destruction)
Make a good faith effort to avoid privacy violations and disruption to others

Safe Harbor

We will not pursue legal action against security researchers who discover and report vulnerabilities in accordance with this policy. We consider activities conducted consistent with this policy to be authorized and will not initiate legal action against you for your research.

Recognition

We maintain a hall of fame for security researchers who responsibly report valid vulnerabilities. Inclusion in the hall of fame is at our discretion and based on the severity and impact of the reported issue.

Out of Scope

The following are considered out of scope for this policy:

Social engineering attacks (e.g., phishing, pretexting)
Physical attacks against our offices or data centers
Denial of service (DoS/DDoS) attacks
Vulnerabilities in third-party services or applications

Response Time

We will acknowledge receipt of your vulnerability report within 3 business days. We will work to validate and address reported vulnerabilities as quickly as possible and will keep you informed of our progress.

Contact

For all security vulnerability reports, please contact us at security@oceanatlasx.com.

Security Vulnerability Disclosure Policy