Security Policy
Last Updated: 24 September 2025
At OctaveCode, security is the foundation of everything we do. This policy outlines our commitment to the security of our own systems and the data we handle, and provides a framework for responsible disclosure of security vulnerabilities.
1. Our Commitment
We are committed to a security-first culture. Our internal practices for development and operations are designed to be secure by default. We continuously monitor the threat landscape to adapt our defenses and protect our infrastructure and our clients' data.
2. Vulnerability Disclosure Policy (VDP)
We believe in the value of community-driven security research. We encourage security researchers to identify and report potential vulnerabilities in our systems. If you believe you have found a security vulnerability on our website or in our systems, we ask you to:
- Email us immediately at [email protected] with a detailed description of the vulnerability, including steps to reproduce it.
- Act in good faith and avoid privacy violations, destruction of data, or interruption or degradation of our service during your research.
- Refrain from publicly disclosing the vulnerability until we have had a reasonable amount of time to investigate and address it.
3. Our Promise (Safe Harbor)
If you conduct your security research in good faith and in accordance with this policy, we will:
- Acknowledge receipt of your report in a timely manner.
- Work with you to understand and validate your report.
- Not take legal action against you for your research.
- Keep you informed of our progress as we remediate the vulnerability.
4. Client Data Protection
Protecting our clients' sensitive information is our highest priority. During professional service engagements:
- All client data is handled under strict Non-Disclosure Agreements (NDAs).
- Sensitive information is encrypted both in transit and at rest.
- Access to client data is limited to authorized personnel directly involved in the engagement.
- Data is securely sanitized and deleted at the conclusion of the engagement as per our agreement.
5. Contact Us
For any security-related inquiries or to submit a vulnerability report, please contact our security team at [email protected].