Last updated: March 3, 2026
If you identify a potential security issue, report it in good faith so we can investigate, remediate, and protect users.
BRIXCOT welcomes responsible reports of potential security vulnerabilities affecting our website, APIs, dashboards, and supporting services.
This policy applies to security testing performed in good faith and designed to improve platform safety.
Testing must avoid disruption, unauthorized data access, privacy violations, or service degradation.
Reportable issues include authentication and authorization weaknesses, privilege escalation, and account takeover vectors; sensitive data exposure, injection flaws, insecure direct object references, and logic abuse risks; and infrastructure or integration weaknesses that could materially impact confidentiality, integrity, or availability.
Do not access, modify, export, or delete data that does not belong to your own test account.
Do not conduct denial-of-service attacks, spam campaigns, social engineering, or physical attacks.
Do not exploit a vulnerability beyond the minimum required to demonstrate impact.
Include clear reproduction steps, affected endpoint/page, expected vs actual behavior, and potential impact.
Provide proof-of-concept details, timestamps, environment context, and supporting logs/screenshots when possible.
Include contact details for follow-up and coordinated remediation communication.
Allow reasonable remediation time before public disclosure so risks can be contained and fixed responsibly.
We may request additional validation details during triage and remediation.
Public disclosure should occur only after coordination and agreement, except where law requires otherwise.
BRIXCOT will not pursue legal action for good-faith research that complies with this policy and applicable law.
Researchers must immediately stop testing and notify us if unintended access to non-public data occurs.
This safe harbor does not cover malicious behavior, data exfiltration, service disruption, or legal/regulatory violations.
Researchers must comply with applicable cybercrime, privacy, and communications laws in their jurisdiction.
For UK/EU contexts, reporting and handling should support GDPR/UK GDPR data protection duties where personal data is implicated.
For US contexts, reporting and handling should support applicable federal/state requirements related to unauthorized access and breach handling.
Validated reports enter internal triage, risk scoring, containment, remediation, and post-incident review processes.
Where legally required, affected parties and authorities may be notified within required timelines.
We maintain records of security events to support accountability, audits, and continuous improvement.