ACGRAM LLC — Responsible Disclosure Policy

Last Updated: March 11, 2026

OVERVIEW

ACGRAM LLC takes the security of our products and systems seriously. We welcome responsible disclosure of security vulnerabilities by security researchers and the general public.

SCOPE

This policy applies to:

The ACGRAM website (acgram.com)
ACGRAM Blueprints™ products
ACGRAM APIs and integrations

This policy does NOT apply to:

Third-party services or platforms we integrate with (report directly to them)
Social engineering attacks against ACGRAM staff
Physical security of ACGRAM offices or infrastructure
Denial of service (DoS) testing

HOW TO REPORT

If you believe you have found a security vulnerability, please report it to:

Email: security@acgram.com
Subject line: [SECURITY] Brief description of the vulnerability

Please include:

Description of the vulnerability and its potential impact
Steps to reproduce the issue
Any proof-of-concept code or screenshots
Your contact information for follow-up

Please do NOT:

Access, modify, or delete data belonging to other users
Perform testing that could disrupt our services
Publicly disclose the vulnerability before we have addressed it
Use social engineering against ACGRAM staff

OUR COMMITMENT

When you report a vulnerability in good faith:

We will acknowledge receipt within 3 business days
We will investigate and provide a status update within 10 business days
We will work to resolve confirmed vulnerabilities promptly
We will not pursue legal action against researchers acting in good faith
We will credit you (if desired) when we disclose the fix

We ask that you give us reasonable time to address vulnerabilities before public disclosure. We consider 90 days to be a reasonable timeframe.

SAFE HARBOR

ACGRAM considers security research conducted in accordance with this policy to be authorized and will not pursue civil or criminal action against researchers acting in good faith compliance with this policy.