Responsible Disclosure Policy

Reporting Security Issues

If you discover a vulnerability in any GrintOps service, platform, or open-source integration, please:

1. Email: [email protected]
2. Do not publicly disclose until resolved
3. Provide detail: affected service, reproduction steps

Recognition

• Valid reports may receive public acknowledgment or bounty
• Severity and impact determine response priority

Our Commitment

• We take security reports seriously and aim to respond within 2 business days