Security & Responsible Disclosure

Reporting a vulnerability

Please email security@pyramidsit.com with the details. A good report usually includes:

• A clear description of the issue and its potential impact.
• Step-by-step instructions to reproduce it.
• Affected URLs, parameters, or components.
• Any proof-of-concept code or screenshots (please keep them safe).

Our machine-readable policy is published at /.well-known/security.txt following RFC 9116.

Our safe-harbor commitment

We will not pursue legal action against researchers who act in good faith, respect user privacy and data, avoid degrading our services, and give us a reasonable chance to remediate before any public disclosure. If your research follows the guidelines below, you’re authorized under this policy.

Guidelines

• Only test against your own accounts and data, never other users’.
• Do not run denial-of-service tests or high-volume automated scanning.
• Do not use social engineering, phishing, or physical attacks.
• Stop and report immediately if you encounter sensitive data.

What to expect from us

• We aim to acknowledge your report within a few business days.
• We’ll keep you updated as we investigate and remediate.
• With your permission, we’re glad to credit your contribution.

How we handle data

This site is served exclusively over HTTPS with HSTS and a strict set of security headers, including a Content Security Policy. We follow least-privilege access internally, work only with vetted processors for functions like email delivery, and retain personal data only as long as necessary. For details on what we collect and why, see our privacy policy.

Questions

For non-security inquiries, reach us at hello@pyramidsit.com or 863-588-6820.