Vulnerability Disclosure

Public security reporting for Soxton

If you believe you have found a security vulnerability affecting Soxton, please report it to us. We welcome good-faith reports that help us protect our customers, platform, and data.

How to report

Email [email protected] with the subject line Security Report.

Please include a description of the issue, affected asset, reproduction steps, impact, and any proof-of-concept material needed for validation.

We do not currently operate a public paid bug bounty program. This page describes our public vulnerability disclosure process.

What you can expect

  • We will review incoming reports and prioritize them based on severity and validity.
  • We will work to acknowledge credible reports in a reasonable timeframe.
  • We will coordinate remediation and may contact you for clarification during validation.

Systems in scope

  • https://www.soxton.ai
  • https://app.soxton.ai
  • Soxton-owned APIs, web applications, and supporting infrastructure used to deliver our services

Out of scope

  • Social engineering, phishing, physical attacks, or denial-of-service testing
  • Spam, rate-limit abuse, or automated activity that degrades availability
  • Testing against third-party services that are not owned or operated by Soxton
  • Accessing, modifying, or exfiltrating data beyond what is necessary to demonstrate a vulnerability

Researcher guidelines

  • Act in good faith and avoid privacy violations, service interruption, data destruction, and account compromise beyond what is strictly necessary to validate an issue.
  • Give us a reasonable opportunity to investigate and remediate before public disclosure.
  • Only interact with accounts and data you own or are explicitly authorized to test.
  • Provide enough detail for us to reproduce the issue, including affected URLs, steps, impact, and any proof-of-concept material.

Safe harbor

If you make a good-faith effort to comply with this policy, we will not initiate legal action against you for accidental, good-faith violations arising from your security research.

This safe harbor applies to the extent your testing is limited to in-scope systems, avoids privacy violations and service disruption, and is solely for the purpose of identifying and reporting vulnerabilities to Soxton.