Responsible disclosure
Security contact and reporting guidelines
Use this page to report security concerns, understand the public tool boundary, and find the policies that explain how AscendLab handles data.
Security contact
AscendLab currently uses the support inbox for security reports.
Email support [at] ascend-lab.com with a concise subject such as "Security report". Please avoid sending secrets, private user data, or sensitive files in the first message.
AscendLab does not currently run a paid bounty program. Reports are reviewed based on impact, reproducibility, and operational risk.
Security basics
Practical boundaries for public tools and account-based workflows.
- Public browser tools are separated from account-based AI workflow previews.
- Admin routes are not public navigation targets and require authenticated operator access.
- Contact and waitlist forms should not be used to transmit sensitive files or secrets.
- Product analytics are designed around sanitized event metadata rather than tool input content.
Responsible disclosure expectations
Keep testing scoped, safe, and non-destructive.
- Report suspected vulnerabilities to the support address with Security in the subject line.
- Include the affected URL, steps to reproduce, expected impact, and a safe proof of concept when possible.
- Do not test destructive vulnerabilities, attempt persistence, exfiltrate data, or access other users' accounts.
- Do not upload sensitive customer files, secrets, credentials, or private documents while testing.
Do not use this process for emergencies
AscendLab is a small operator-run product. For urgent account, privacy, or legal questions, use the contact page and include enough context for safe triage.