Security
By Mark JonesUpdated
Nova3 AI welcomes responsible disclosure of security issues. This page describes how to reach us, what is in scope, and the safe-harbor terms for good-faith research.
How to report a vulnerability
Email mj@nova3.ai with details. Include reproduction steps, observed impact, and any proof-of-concept material. PGP key available on request.
Expected response window
Acknowledgement within one business day. Triage and initial response within five business days for confirmed issues.
Scope
- nova3.ai and its subdomains.
- The Surface ingestion pipeline and backend functions invoked from this site.
Safe harbor
Good-faith security research conducted in accordance with this policy will not result in legal action by Nova3 AI. Researchers should avoid:
- Privacy violations and access to accounts that are not your own.
- Service disruption, including denial-of-service testing.
- Data destruction or exfiltration beyond what is required to demonstrate a vulnerability.