Responsible Disclosure
We welcome good-faith reports from the security community. Report suspected vulnerabilities to
Important encryption note
EdgeRecord has not yet published a verified public PGP key. Do not rely on any placeholder or third-party key claiming to represent EdgeRecord. If your report requires encryption, email a minimal contact note first and request a secure exchange path.
Scope
The EdgeRecord production website, API, authenticated dashboard, and official integration surfaces are in scope. Third-party hosted services and abandoned forks are out of scope unless they directly affect an EdgeRecord customer environment.
Safe harbor
Good-faith research conducted under this policy is authorized. Avoid privacy violations, data destruction, persistence, social engineering, denial of service, and access to customer data.
What to include
- Affected URL, endpoint, package, or workflow.
- Steps to reproduce.
- Impact and any observed evidence.
- Your preferred contact method.