Security Vulnerability Disclosure Policy
Last updated: April 15, 2026
1. Purpose
The security of our users' data is our top priority. This policy describes how to report security vulnerabilities you discover in our platform.
2. Scope
This policy applies to all Tokenware.ai services, including our API endpoints, web applications, and associated infrastructure.
3. Reporting a Vulnerability
If you discover a security vulnerability, please report it to security@tokenware.ai. Include a detailed description, steps to reproduce, and potential impact assessment.
4. Response Timeline
We will acknowledge your report within 48 hours and provide an initial assessment within 5 business days. We will keep you informed of our progress throughout the resolution process.
5. Safe Harbor
We will not take legal action against researchers who discover and report vulnerabilities in good faith, following the guidelines in this policy.
6. Guidelines
- Do not access or modify data belonging to other users
- Do not perform denial-of-service attacks
- Do not send unsolicited communications to our users
- Do not publicly disclose vulnerabilities before we have addressed them
- Test only against accounts you own or have permission to test
7. Contact
For security inquiries, please contact security@tokenware.ai.