PitCrew Labs
Home Our Team Contact

Security Disclosure Policy

Report suspected security vulnerabilities in PitCrew-owned systems.

Last Updated: July 2026

Reporting a Vulnerability

If you believe you have found a security vulnerability in a PitCrew Labs website, application, API, browser extension, or customer-facing workflow, please report it to security@pitcrewlabs.ai.

Please include enough detail for us to understand and reproduce the issue, such as affected URLs, steps to reproduce, screenshots or proof-of-concept details that do not expose sensitive data, and your contact information for follow-up.

Response Expectations

We aim to acknowledge vulnerability reports within five business days. After acknowledgement, we will triage the report, may request additional information, and will communicate remediation status or expected next steps when appropriate.

We do not guarantee a fixed remediation timeline for every issue. Timing depends on severity, exploitability, affected systems, customer impact, and the complexity of a safe fix.

Scope

This policy applies to PitCrew-owned public websites, applications, APIs, browser extensions, and related customer-facing workflows. Do not test third-party systems, customer environments, or non-public systems unless you have explicit written authorization.

Rules of Engagement

When researching or reporting a potential issue, do not:

  • Access, modify, delete, exfiltrate, or disclose PHI, customer data, personal data, secrets, or credentials.
  • Perform denial-of-service, load testing, destructive testing, spam, phishing, social engineering, or physical attacks.
  • Attempt persistence, backdoors, lateral movement, or privilege escalation beyond what is necessary to demonstrate the issue safely.
  • Test customer tenants, customer systems, or third-party services without authorization.
  • Publicly disclose a vulnerability before PitCrew has had a reasonable opportunity to investigate and remediate it.

Safe Harbor

If you make a good-faith effort to follow this policy, avoid privacy violations, avoid service disruption, avoid data access or destruction, and report promptly, PitCrew will not pursue legal action against you for the security research itself. This safe harbor does not apply to activity that is malicious, destructive, deceptive, privacy-invasive, or outside the scope of this policy.

No Bug Bounty

PitCrew does not currently offer a public bug bounty or monetary rewards for vulnerability reports unless explicitly agreed in writing before testing.

Security.txt

Our machine-readable security contact file is available at /.well-known/security.txt.

PitCrew Labs Inc.

Patient Engagement Platform

Company

Our Team

Contact

Legal

Privacy Policy

Terms of Service

Security Disclosure

© 2026 PitCrew Labs Inc. All rights reserved.