Security Policy
Gold Shore welcomes responsible vulnerability disclosures that help protect our systems, partners, and users.
Safe Harbor
If you act in good faith, avoid privacy violations and service disruption, and follow this policy, we will not initiate legal action against you for your research.
Out of Scope
- Third-party services and SaaS providers not operated by Gold Shore
- Social engineering, phishing, or physical attacks
- Denial-of-service or volumetric testing
- Automated scans that materially degrade service availability
Response Timeline
- Initial acknowledgment target: within 3 business days
- Triage and severity assessment target: within 7 business days
- Status updates: at least every 14 days for in-progress reports
How to Report
Send reports to security@goldshore.ai and include reproduction steps, affected endpoints, and any proof-of-concept details needed for validation.
For encrypted communication, use the public key at /pgp-key.txt.
For machine-readable policy details, see /.well-known/security.txt.