Vulnerability Disclosure Program

At Corvic, security is our top priority. We appreciate and support the work of security researchers in helping us keep our platform safe for everyone. If you believe you’ve discovered a vulnerability in our systems, we encourage you to report it to us responsibly.

This policy applies to:

• *.corvic.ai (e.g., app.corvic.ai, api.corvic.ai)
• Corvic’s publicly available web applications and APIs

Out-of-scope areas:

• Denial of Service (DoS) attacks
• Social engineering or phishing
• Physical attacks

To help us triage and respond effectively, please:

• Include a detailed description of the vulnerability
• Provide steps to reproduce the issue
• Never attempt to disrupt service availability
• Avoid accessing or modifying any user data

Please send reports to: security-reports@corvic.ai

Include:

• Your contact information
• A description of the issue
• Proof of concept, if available

We will acknowledge receipt within 3 business days, and aim to provide updates on the status of your report as we investigate.

We deeply value your efforts in making Corvic safer. Your responsible actions help protect thousands of users and organizations who rely on our platform.