Legal and policy
Security
Practical security posture, responsible disclosure, and safe reporting guidance.
Security posture
- Access controls and least-privilege practices where applicable.
- Encryption in transit and encryption or protected storage where appropriate to the service context.
- Backups, recovery practices, monitoring, logging, and diagnostics where applicable.
- Manual review for sensitive workflows, credentials, publishing, infrastructure, and regulated data handling.
- Separation of general contact channels from emergency or highly sensitive submissions.
Responsible disclosure
Report suspected vulnerabilities through Support or Contact with enough detail to reproduce the issue. Do not access, modify, exfiltrate, or disclose data that is not yours. Do not perform destructive testing, social engineering, spam, denial-of-service, persistence, or lateral movement.
Security reports may be routed through this site’s Support or Contact page. Reports involving sensitive details should avoid public disclosure until ICM / GLC has had a reasonable opportunity to review and respond.