Responsible Security Disclosure Policy

At ForceMetrics, the security of our systems and the data entrusted to us is a top priority. We appreciate the efforts of security researchers who practice responsible disclosure and help improve the safety of our services.

Scope

This policy applies to potential security vulnerabilities discovered in systems and services owned, operated, or controlled by ForceMetrics.

No Authorization for Testing

ForceMetrics does not authorize unsolicited security testing, scanning, probing, or exploitation of our systems. Any testing activity conducted without explicit written authorization is strictly prohibited.

Reporting a Vulnerability

If you believe you have identified a security vulnerability, you may report it responsibly through our contact form.

Please include:

• A high-level description of the issue
• The affected product, service, or URL
• The potential impact of the vulnerability

Please do not:

• Perform active exploitation
• Access, modify, or delete data
• Degrade service availability
• Use automated scanning tools
• Attempt social engineering, phishing, or physical testing

Expectations

When reporting a potential vulnerability, we ask that you:

• Act in good faith
• Avoid privacy violations or disruption
• Allow reasonable time for investigation and remediation
• Not publicly disclose details without prior written consent

Bug Bounties & Rewards

ForceMetrics does not operate a public bug bounty or reward program. Submission of a vulnerability does not guarantee compensation, acknowledgment, or response.

Legal Safe Harbor

Reports made in accordance with this policy will be reviewed internally. This policy does not grant permission to test, nor does it create any contractual, legal, or financial obligation on the part of ForceMetrics.

Thank You

We value responsible security research and appreciate efforts that help protect our customers and partners.