TrustCheck Legal

Responsible Disclosure Policy

Effective date: June 2, 2026. Version: 2026-06-02.

These pages are product policy templates for TrustCheck operations and user consent. They are not legal advice; have qualified counsel review them before production launch.

We welcome good-faith security reports about TrustCheck. This policy explains how researchers can report vulnerabilities safely.

1. Scope

In-scope systems include TrustCheck-owned web applications, public APIs, badge verification endpoints, and authentication workflows. Customer assets, third-party integrations, payment providers, and social platforms are out of scope unless we explicitly authorize testing.

2. Safe Harbor Expectations

3. How To Report

Email reports to support@trustcheck.io with the subject "Security Disclosure". Include affected URL, steps to reproduce, impact, screenshots or proof-of-concept, and your contact details.

4. What Happens Next

We aim to acknowledge reports promptly, triage severity, investigate, remediate where appropriate, and coordinate disclosure. We do not currently guarantee bounty payments unless a separate written program says otherwise.