Vulnerability Report

    Last Updated: May 9, 2025

    Found a security issue? Report it responsibly. We'll work with you to fix it.

    Report a Vulnerability
    security@elderwise.ai
    Request Testing Authorization
    security-research@elderwise.ai
    Policy Questions
    legal@elderwise.ai

    How to Report a Vulnerability

    Found a security vulnerability? Email us immediately at security@elderwise.ai

    Include in your email:

    • What you found (describe the vulnerability)
    • Where you found it (URL, app, or system)
    • How to reproduce it (step-by-step)
    • Your contact info (so we can follow up)

    For Sensitive Details: You MUST encrypt sensitive vulnerability information using our PGP key. This protects both you and our users.

    Our Response Timeline

    We acknowledge every report within 2 business days and keep you updated as we work to fix the issue.

    Our Response Process:

    • We Acknowledge: Confirm we received your report within 48 hours
    • We Validate: Work with you to understand and confirm the vulnerability
    • We Fix: Resolve the issue as quickly as possible based on severity
    • We Thank You: Acknowledge your contribution (unless you prefer to stay anonymous)

    Guidelines: What to Do

    • Report immediately when you find something
    • Give us details so we can reproduce and fix it
    • Keep it confidential until we've fixed it
    • Act in good faith to help protect users

    Prohibited Actions

    These actions are prohibited and may be illegal:

    • Don't test or exploit the vulnerability
    • Don't access user data or any data that's not yours
    • Don't break anything or disrupt our services
    • Don't tell anyone else before we've fixed it
    • Don't attack our systems (no brute force, DDoS, etc.)

    Need to Test? Contact security-research@elderwise.ai for authorization BEFORE testing. Unauthorized testing may violate our Terms of Service and applicable laws.

    What Systems Are Covered?

    This policy covers security issues in:

    • All *.elderwise.ai websites
    • Elderwise mobile apps (iOS & Android)
    • Elderwise APIs
    • Elderwise IoT devices

    Legal Protection

    If you follow this policy and act in good faith, we promise:

    • No legal action against you for reporting
    • Work with you to resolve the issue
    • Acknowledge your help (if you want recognition)

    Important: This policy does NOT give you permission to break the law. It only protects you when you report vulnerabilities responsibly according to these rules. Always comply with applicable laws and regulations.

    Additional Terms

    Please understand:

    • We don't offer cash rewards at this time
    • We're not responsible for any costs you incur while researching
    • We can't give you legal immunity—just our promise not to sue if you follow the rules
    • We may need to make public statements without consulting you first

    Questions? Contact Us

    If you have any questions about this disclosure policy, please contact us.

    Email: legal@elderwise.ai