Command AI Responsible Disclosure Policy

We appreciate all security concerns – no matter how tenuous – brought to our attention, since we strive to safeguard our product from all threats, no matter how recent. Being proactive rather than reactive to emerging security issues is a fundamental principle at Command AI. If you believe you’ve found a security vulnerability in Command AI’s service, please notify us. We will collaborate to resolve the issue promptly.

Disclosure Policy

• If you believe you’ve discovered a potential vulnerability, please let us know by emailing us at security[at]commandbar[dot]com. We will acknowledge your email within five (5) business days.

• Provide us with a reasonable amount of time to resolve the issue before disclosing it to the public or a third party. We aim to resolve critical issues within ten (10) business days of disclosure.

• Make a good faith effort to avoid violating privacy, destroying data, or interrupting or degrading the Command AI service. Please only interact with domains you own or for which you have explicit permission from the account holder.

Exclusions

While researching, we would greatly appreciate if you avoid using practices that could reasonably be considered to constitute:

• Distributed Denial of Service (DDoS)

• Spamming

• Social engineering or phishing of Command AI employees or contractors

• Any attacks against Command AI’s physical property or data centers Thank you for helping us keep Command AI and our customers safe!

Changes

We occasionally revise our Responsible Disclosure guidelines. The most current version of the guidelines will be available on this page ( https://www.commandbar.com/disclosure ).

Contact

Command AI is always open to feedback, questions, and suggestions. If you would like to talk to us, please email us at security[at]commandbar[dot]com.