Trust

Security & Responsible Disclosure

We take security seriously. Here's how we protect our systems and how you can help.

This is general information and not legal advice.

Our Security Practices

Security is embedded in our engineering process, not bolted on after the fact. Key practices include:

  • Encryption: All data in transit is encrypted via TLS. Sensitive data at rest is encrypted using industry-standard algorithms.
  • Access control: Principle of least privilege across all systems. Multi-factor authentication for internal tools and infrastructure.
  • Code review: All production code undergoes peer review before deployment. Automated static analysis and dependency scanning are part of our CI/CD pipeline.
  • Infrastructure: Cloud-hosted on reputable providers with SOC 2 compliance. Regular patching and vulnerability management.
  • Monitoring: Continuous monitoring and alerting for suspicious activity and system anomalies.

Reporting a Vulnerability

If you believe you've discovered a security vulnerability in any of our systems, we encourage you to report it responsibly. Please email:

support@primatech.co

Please include a detailed description, reproduction steps, and any relevant evidence.

What to Include

  • Description of the vulnerability and potential impact
  • Steps to reproduce the issue
  • Affected URLs, endpoints, or systems (if applicable)
  • Your contact information for follow-up

Safe Harbor

We value the security research community. If you act in good faith and follow responsible disclosure practices, we commit to:

  • Not pursuing legal action against researchers who report vulnerabilities responsibly
  • Working with you to understand and resolve the issue promptly
  • Acknowledging your contribution (with your consent)

We ask that you do not access, modify, or delete data belonging to others, and that you give us reasonable time to address the issue before public disclosure.

Response Process

  • 1. Acknowledgement: We aim to acknowledge receipt of your report within 24 hours.
  • 2. Assessment: Our team will triage and assess the reported issue within 3 business days.
  • 3. Resolution: We will work to resolve confirmed vulnerabilities as quickly as possible, prioritized by severity.
  • 4. Communication: We will keep you informed of our progress and notify you when the issue is resolved.