Trust · Responsible disclosure
Report a vulnerability.
We are grateful to researchers who help keep Xplore safe. Please report any suspected security issue to hello@xploreintelligence.co.uk with subject line “Security disclosure”. PGP key available on request.
Scope
*.xplore.ai,xploreintelligence.co.uk- Platform APIs and SDKs
- Agent 007, ABBI, Digital Twins, Classifast
Safe harbour
Research conducted under this policy is considered authorised. We will not pursue legal action for good-faith, proportionate testing that respects user privacy and system integrity.
What we ask
- Give us a reasonable window to fix before public disclosure (90 days is our default).
- Do not access, modify, or destroy customer data.
- Do not degrade availability; avoid automated scanners that generate noise.
- Prefer synthetic test accounts.
What you get
- Acknowledgement within two business days.
- Status updates every seven days.
- Public credit (if you want it) on a hall-of-fame page after release.
Bounties
We currently run a discretionary reward programme for high-impact reports. We will expand to a structured bounty once SOC 2 Type I closes.