Vulnerability Disclosure Policy
Last updated 27 May 2026
Purpose
Fluid Topics is dedicated to safeguarding the security and integrity of its systems and services, as well as protecting its users. This policy acknowledges the invaluable contributions of security researchers in assisting us in maintaining a secure environment and outlines our preferred methods for submitting discovered vulnerabilities.
This Vulnerability Disclosure Policy (VDP) elucidates our approach to receiving and addressing reports of vulnerabilities within our systems. We strongly encourage you to familiarize yourself with the policy to comprehend the appropriate actions you should take if you identify a vulnerability.
Scope
This VDP applies to all systems, applications, and services owned or operated by Fluid Topics. This encompasses all internet-facing assets, including websites, web applications, APIs, and other publicly accessible services. Should you have any doubts regarding the scope of the policy, kindly contact us for clarification.
Policy Detail
Safe Harbor
We authorize good-faith security research on our in-scope assets. Researchers who act in good faith—meaning without causing harm, disrupting services, or accessing data beyond what is necessary to identify a vulnerability—will not face legal action under applicable laws. We view good-faith research as a valuable contribution to our security and will collaborate with you to understand and resolve issues promptly.
Guidelines
Researchers are encouraged to:
- Notify us promptly upon discovering a genuine or potential security vulnerability.
- Strive to prevent privacy breaches, degradation of user experience, disruption to production systems, and data destruction or manipulation.
- Utilize exploits solely to confirm the presence of a vulnerability. Refrain from employing exploits to compromise or exfiltrate data, establish persistent command-line access, or pivot to other systems.
- Provide us with a reasonable timeframe to resolve the issue before disclosing it publicly.
- Limit submissions to high-quality reports to facilitate efficient processing.
Upon confirming the existence of a vulnerability or encountering sensitive data (including personally identifiable information, financial information, proprietary information, or trade secrets of any party), researchers must cease their testing, notify us immediately, and refrain from disclosing this data to any other individual.
Test Methods
The following test methods are not authorized:
- Network denial of service (DoS or DDoS) tests or other tests that impair access to or damage a system or data
- Physical testing (e.g., office access, open doors, tailgating)
- Social engineering (e.g., phishing, vishing)
- Any other non-technical vulnerability testing
Any such unauthorized activities may result in legal action.
Vulnerability Reporting Steps
If you discover a security vulnerability, please follow these steps:
- Submit a Report: Email our security team at [email protected]. Include a detailed description of the vulnerability, steps to reproduce it, and any supporting evidence.
- Acknowledgment: Fluid Topics will acknowledge receipt of your report. We aim to acknowledge your report within 48 hours.
- Investigation: Fluid Topics will investigate the issue promptly and provide an initial assessment within 3-7 days.
- Resolution: Fluid Topics commits to addressing valid vulnerabilities within a reasonable timeframe.
- Public Disclosure: We do not place restrictions on the disclosure of vulnerabilities. Researchers are free to publicly disclose their findings at any time after reporting them to us. While we appreciate advance notice to allow time for remediation, it is not required under this policy.
For exceptionally sensitive information, kindly contact us via email to schedule a meeting to discuss the specifics.
Recognition and Rewards
This program is not intended to function as a bug bounty program. Fluid Topics does not provide rewards or compensation for submitting potential issues.
Our Commitment
We take all vulnerability reports seriously and will investigate each submission promptly. Researchers will be kept informed about the status of their reports and any remediation actions taken. We appreciate your assistance in enhancing our security measures.
Contact Us
For inquiries regarding this policy or to ascertain whether a particular asset falls within its scope, please contact [email protected].