This policy covers all digital assets owned, operated, or managed by Pamir Alpha Technologies, including:
Websites (e.g., https://pamiralpha.com)
*APIs
*Web applications
*Cloud infrastructure
*Any other associated services
To report a vulnerability, email us at: [email protected]
Please include the following in your report:
The affected domain, IP address, or specific page
*A brief description of the issue.
*Step-by-step instructions to reproduce the issue (non-destructive proof-of-concept preferred)
Once your report is received:
*Our security team will acknowledge receipt and begin investigation
*We may contact you for clarification or updates
*Vulnerability priority will be based on severity and exploitability
*After resolution, you may be asked to confirm the fix
*If applicable, we support coordinated public disclosure and may include your name in our acknowledgments
We ask that all researchers:
*Follow this policy in good faith
*Avoid accessing, modifying, or deleting data
*Never perform actions that could harm system availability or user experience
*Do not exploit vulnerabilities beyond what is necessary to demonstrate the issue
*Refrain from phishing, social engineering, DDoS attacks, or physical testing
*Interact only with your own accounts or those with explicit consent
*Use the official reporting email only for submissions
*Allow at least 90 days for resolution before public disclosure
*Securely delete any sensitive data accessed during testing
*Never attempt to extort or demand rewards in exchange for disclosure
If your research is conducted in line with this policy:
*Pamir Alpha Technologies considers your actions authorized
*We will not pursue legal action for good-faith reporting
*You will not be penalized under our Terms of Service
*We may publicly support your intent if legal misunderstandings arise
*If you are ever unsure whether your activity falls within this policy, stop and contact us before continuing.
We sincerely thank those who responsibly disclose vulnerabilities and help us improve our security posture. If you’d like to be publicly recognized for your contribution, let us know in your report.
