At Bigspin AI, we take security seriously. This policy outlines our security practices and how we handle security reports.
Responsible Disclosure
We welcome security researchers to help us improve our platform's security. If you discover a security vulnerability, please report it to us following the guidelines below.
How to Report
- Email: Send reports to security@bigspin.ai
- Contact form: Use our contact form at https://app.bigspin.ai/contact
- Encryption: For sensitive reports, please use our PGP key (available on request)
What to Include
- Detailed description of the vulnerability
- Steps to reproduce the issue
- Impact assessment and potential risks
- Any proof-of-concept code or screenshots
- Your contact information for follow-up
Our Response Process
- Acknowledgment: We will acknowledge receipt within 48 hours
- Assessment: We will assess the report and determine severity
- Investigation: We will investigate and develop a fix
- Resolution: We will deploy the fix and notify you
- Recognition: We will credit you publicly (with your permission)
Scope
This policy applies to:
- bigspin.ai and all subdomains
- Our web application and API endpoints
- Our mobile applications (if applicable)
Guidelines
To ensure responsible disclosure, please:
- Do not access or modify data that doesn't belong to you
- Do not disrupt our services or other users
- Do not publicly disclose the issue before we've addressed it
- Do not perform social engineering attacks on our employees
- Do not perform physical attacks on our infrastructure
Out of Scope
The following are not considered security vulnerabilities:
- Issues that require physical access to user devices
- Social engineering attacks
- DoS/DDoS attacks
- Spam or social engineering of employees
- Issues in third-party services we don't control
Security Measures
We implement comprehensive security measures including:
- Regular security audits and penetration testing
- Secure coding practices and code reviews
- Encryption of data in transit and at rest
- Multi-factor authentication and access controls
- Regular security training for our team
- Incident response and monitoring systems
Contact Information
For security-related inquiries, please contact us at security@bigspin.ai
This policy is subject to updates. Last updated: 12/4/2025
