Vulnerability Disclosure Policy 

LucidAct Health Inc. is committed to maintaining the security and privacy of our systems and the data of our users and patients. We appreciate the efforts of security experts who help us achieve this goal by reporting vulnerabilities responsibly. This policy outlines how to report vulnerabilities and our commitment to addressing them. 

  

Reporting a Vulnerability 

  

If you believe you have found a security vulnerability in our systems, please submit a detailed report to admin@lucidact.com. Include the following information in your report: 

- The website, IP address, or specific page where the vulnerability can be observed. 

- A brief description of the type of vulnerability (e.g., "XSS vulnerability"). 

- Steps to reproduce the vulnerability, including any proof of concept, which should be non-destructive. 

  

What to Expect 

  

Upon submission, your report will be triaged, and we aim to respond to all valid reports within five working days. We will not follow up on reports that are duplicates, non-issues, or where no vulnerability is found. For valid reports, we will work to remediate the issue and will notify you once the vulnerability has been resolved. 

  

Disclosure Guidelines 

  

We request that you: 

- Avoid violating any applicable laws or regulations. 

- Refrain from accessing or modifying data without authorization. 

- Do not disrupt our services or systems. 

- Use non-destructive testing methods. 

- Maintain confidentiality of the details of any discovered vulnerabilities until they have been resolved. 

  

Legal Safe Harbor 

  

This policy is designed to be compatible with common vulnerability disclosure good practices. It does not grant permission to act in any manner that would contravene the law or result in LucidAct Health Inc. breaching any legal obligations. 

  

Acknowledgment 

  

While we do not offer monetary rewards for vulnerability disclosures, we recognize the valuable contributions of security researchers. With your consent, we will acknowledge your contribution on our website. 

  

Contact Information 

  

For further details or to follow up on a report, please contact  

admin@lucidact.com 

  

This policy ensures that security researchers can report vulnerabilities responsibly and securely, helping LucidAct Health Inc. maintain a high standard of security for our users and systems.