Pluripo

Security Disclosure Policy

We take the security of Pluripo and its users seriously. If you believe you have found a security vulnerability in Pluripo, we want to hear from you, and we appreciate your help in disclosing it responsibly.

How to report

Email security@pluripo.com with a description of the issue. A machine-readable version of this contact is published at /.well-known/security.txt per RFC 9116.

Please include, where you can:

Scope

This policy covers the Pluripo service and its official properties, including pluripo.com, the Pluripo API and web app, and the official Pluripo editor extension and desktop app.

The following are out of scope: findings that require physical access to a user’s device; social-engineering, phishing, or spam; denial-of-service and volumetric attacks; automated scanner output without a demonstrated, exploitable impact; and reports about third-party services we rely on (please report those to the relevant provider). Actions the autonomous agent takes within your own environment at your instruction are a product behavior, not a vulnerability — see the Terms of Service.

Responsible disclosure

When you report a vulnerability in good faith under this policy, we ask that you:

Good-faith research conducted in accordance with this policy is welcome, and we will not pursue action against researchers for such research. This policy does not grant permission to act in ways inconsistent with the Acceptable Use Policy or applicable law.

What to expect

We will acknowledge your report, keep you informed as we investigate, and work to remediate confirmed issues as quickly as is practical given their severity. We are a small team and cannot guarantee a specific response time, but we read every report.

Contact

Security reports: security@pluripo.com