# Arculem LLC Security Policy Arculem LLC is committed to maintaining the security and integrity of the systems that support our infrastructure, products, and intellectual property. We welcome reports from security researchers, vendors, and members of the public who identify vulnerabilities or potential threats in our systems. --- ## 📬 Reporting a Vulnerability To report a vulnerability, please contact: **Email**: [security@arculem.com](mailto:security@arculem.com) **PGP Key**: [https://arculem.com/pgp.txt](https://arculem.com/pgp.txt) We encourage use of encrypted communication for sharing sensitive details. --- ## 🛡️ Scope This policy applies to: - Infrastructure owned or managed by Arculem LLC - Domains and subdomains under `arculem.com` - Any cryptographic systems developed or operated by Arculem **Out of scope**: - Social engineering or phishing of Arculem staff - Denial of Service (DoS) attacks or physical access attempts - Vulnerabilities in third-party software unless used in our core stack --- ## 🤝 What We Expect from You - Provide detailed, actionable information to reproduce the vulnerability - Do not exploit or weaponize the issue (e.g. exfiltration, tampering) - Give us a reasonable time (at least **14 days**) to address the issue - Do not disclose the vulnerability publicly until we resolve or approve --- ## 🎖️ Recognition Arculem recognizes and appreciates responsible disclosures. We offer: - **Public credit** (on request) - **Private acknowledgment** - Consideration for future consulting, partnerships, or research roles We do **not** offer bounties at this time, but this may change in the future. --- ## 🔐 Coordinated Disclosure Timeline - **Acknowledgment** within 3 business days - **Triage** and assignment of severity within 7 days - **Resolution or mitigation target** within 30 days (may vary based on risk) --- ## 📅 Policy Versioning **Effective Date**: June 14, 2025 **Last Updated**: June 14, 2025 **Expires**: June 14, 2026 (or upon replacement) For the canonical source of this policy, visit: [https://arculem.com/security-policy](https://arculem.com/security-policy)