Responsible Vulnerability Disclosure Policy

Last Updated: 19 November 2025
At Digitamize Inc., we are committed to maintaining the security and integrity of our platforms, services, and customer data. We value the contributions of security researchers and members of the community who help us improve our security posture by responsibly discovering and reporting potential vulnerabilities.
This Responsible Vulnerability Disclosure Policy outlines how to report security issues to us and what you can expect in return.

Our Commitment

Digitamize Inc. will:

  • Acknowledge receipt of valid vulnerability reports.
  • Conduct a timely investigation of reported issues.
  • Work to remediate confirmed vulnerabilities as quickly as possible.
  • Maintain open and professional communication throughout the process.
  • Not pursue legal action against good-faith security researchers who adhere to this policy.

Reporting a Vulnerability

If you believe you have discovered a security vulnerability affecting any Digitamize Inc. system or service, please notify us immediately.

Report to: security@supervity.ai

When reporting, please include:

  • A detailed description of the vulnerability.
  • Steps to reproduce the issue, including any proof-of-concept code or screenshots.
  • The affected system, service, endpoint, date, time and URL with any other additional details as much possible.
  • Your contact information (so we may reach you for clarification).

Please encrypt sensitive information using our PGP key (mentioned below). Encryption is optional but encouraged.

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBGkd7BABEADUrrFBsF8fNFdjj3nTaeGdRVHeYuxuj7ufKxJYmiFmoCRHnP5B
ZgMhkR+rXhWluZB7Lg7YIj9hQw6LLcRcO5B7F5jwCoVeD4ymgsyq1hthKQhXgBMA
rBorDhf1FIr3IVyBY37i3BYsVKPDpPIv6i7RN7TFkvvwX/fv5eGHdrUhiLYN9ctV
fXz4bxwYktcIKRsQEuVHesKqeYKLa8OuhIiu6AnjugxSqqNhm9m0EzAnDtmODi1K
vsUEqWlooGvTLYFstWIbDtC7RdmZqLMRcdIsJNOsHkQKaWIzotq1+CfUN3RYxQN9
FjGK/l8e4jEYLXM8Dbb2boATVAsQrWiUfHrQyjj/P1fQULWV6eoVEgjTv/B3G8P8
+gEmsfNNsaPee+iefEFskTTUwkchBjF322BC5rIUp/AZTUPNA9SudCMBPFeIDmfC
Q4z95iKw0JMICaDotp680UzmvkSplS57nQj9fl2eJ7aAQ36Ji+PQG9VLx+ldaUuo
EzZo3Pk9Vq1u8PSf8teyabwxuBfgT2JZTY7QpTtFy9XCzDrwcAfAMzm5NYMVvp0V
MFrXHjRZj+KLj5J7Ot9Lt96aE5nUWhO1Zh65UTyU2P0WlZ3XG27BpP37Q6MgEX+c
/9c6e3FDOWfEsnVaC0hAe+MztdDdT6bPaxPR8xG0vjCvUwtCx3Z2LXs6cQARAQAB
tEJTZWN1cml0eSBUZWFtIChSZXNwb25zaWJsZSBEaXNjbG9zdXJlIEtleSkgPHNl
Y3VyaXR5QHN1cGVydml0eS5haT6JAlcEEwEKAEEWIQTOPduDA8qC6EZ1cIhZHfmz
QwV70gUCaR3sEAIbAwUJAeEzgAULCQgHAgIiAgYVCgkICwIEFgIDAQIeBwIXgAAK
CRBZHfmzQwV70rBvEACksERXh2R/M360HfDNleKx7TLt3Rnpcxk4OpAKImp0BMhd
93drTByVSm1E+X4YNrMSKQSY0xDILWGXOK7tw2XKtFzv2ixwg1e/8JLDM8/a+h2H
H3NsqjsvHeeheOgetKq/HaOHUUoUWSGW8UeJgx0Fp6orHaDGD8p8yVZdPv/hGtSY
kCAU/QYaOkUjY3RVX1WqQYAmB8NmjVg/Nzm0zs0r2o7EeRaTWqLGtGgBxrDsfY6A
u5bh4LuR0OgruyWGawRdD6Wa0jcdMJ8hnhh3YPenJBUpjMWlRhskCHR5bv2aiyYq
0Mi7+DA/VZ2AzfNRjRPilHNaoZauIa8FCg/NSzyWBqrQGZAfRDAbJlggwuuvfh4B
5vC9RWN9uCSN5ufktWCiCYfnLsa3RbutJZD558IEl+PXdIo6bx/er+etF06f6cq5
kNECcJZD3d/qd1GTBRdvueBt0qbh0uINnteC3RHc0ZmeKcZ7127nYoANt2RFT7+5
K7v3b0omM8xuujvo4n2q5Bd704VbjU3tTcjFdzoVTKz4gKUEqMRrK865t0yvFZt3
7rdWv1WjEfOFmuSnDGPGJrRFJMj3dX42+ISH2Y8Z6ictkOHUKFrbfpNDYoVuag/M
37vgHLNRsENjv6C4GLJ+63N7SDewDs2yel5QuwP8aV1jYVCFIRKDWipuch2SU7kC
DQRpHewQARAA21ND9Djwq3C8qv1c8n8Ofz/JQ0dmmp77tE54OmZXN3cfpq/fOA1Y
6Qg7L0j7QV+EFJ7COWl5YFFTI6skrqe2Tf0H7Lq0Apgj36J83XpXgNextA6fEMVK
ZCco3snHiWPmkYvXcDAKtvTHGR9qjHRo/f5/C5aBLeDHObCgGc0RwKcov+ztn1RJ
OTEmCo7cwzB7ehwmd94Js6co9EXImYNX28QG2XDhZSfZOO7s5olYNeyV7FVObW2F
4KwsGQtnopJRUpDDPehYmETsgVCLt/Ev1i+3mruhND6DtUHUI2sIATK8dYEyaVkb
mt4naaUcO3okYQJ1G2qGRpwd2e5PjBozDSQnkz9Ffb5Rkz0TvlemJblO3+rn3e7G
9thdfe/46fRvWIX3C8dOPSeCJYF7ZzSG1yyOkpr7AQ4iK95++Oh4WkHF8b6VdjCE
WWkfw2pwrdfj8Q6FXMHPBGsWuLzcuoCfJfWnnqa/12K/q4+Y+wjZFLX7BsbldMC6
AB+j5xcPHu+uUHxG9fr9IVrHbIuj7rwfgGpWlV4hrJdqD1ZYN6nAetZG7YaceciG
St5aBXP/cQO/QfM5RBPax0SwGmipwq+xFmeWQYa83AuSaWVmeiA6CUMjHCT+Ibpk
q9KZqloX7lBMocrUm/eDFe4KLakFngug9mEEv/MLtWJflHXDrI8YYIkAEQEAAYkC
PAQYAQoAJhYhBM4924MDyoLoRnVwiFkd+bNDBXvSBQJpHewQAhsMBQkB4TOAAAoJ
EFkd+bNDBXvS7vEQAK6tWU0DDpX+neM2dOZNiWLrwqExNkwj9znJylgF207VweR9
Lm54RdxJRLgEy7p8MY6GPsU0y1ZQ+OMDy5n3cNPmiqFC65k4IrUwnOOMTpAaWgbL
weDo51Wp4nSIfoY+JHQiGQqBw/dHZeuwHxQRWiI9YGgb3HM+plV2FUV+JMk31P41
M2Nm7nruX19ptuDV0NBBqmYL8YqkT3shDyiU9TrHIW3TwUpcrGgfXM0Ri+8LCeHa
F2lF31u6Cyx5Qd6ASaMjx9Hf5qMs1ukCKbpz82ib2lJB1lxgRQw5ycOt1FMsl+/a
QXY5eK35YFoiyBpfQMw7FEkGzsRHyG3HAavDhyoe2THJqnBXPpeYqCCllGnC9A83
anyvQbLjeqsPt6LXLL+py8r3uHqKlTlBpMhPSTqDOp/8zeTzetp9P3ue+z/7N9n4
HQAcSl07zsmooJiqOz3eWnRM0A42jBIqRIFHtlo1FII0wSc38OZQvwiDwD6pUIOO
8UdUF7kSNcpel4Lf2Yq+Txm8Q4tZ8392FB338uz4YMVLyPFuV7iZ15YHpWJntY8p
htDmgSXANFBHWdWvP9Z/eTfYfP791DqPsyANCdzIHVM+Z3qKrV57C/bWotG1A0TW
SXRnDWms0SGMSc14vTVq4QtZkBBgGJjHfaAm+vcfCpd7qWZx3pnBaYpkhJZa
=1XR8
-----END PGP PUBLIC KEY BLOCK-----

Guidelines for Responsible Disclosure

To be considered a good-faith actor, researchers are expected to:

  • Avoid exploiting vulnerability beyond the minimum necessary for proof of concept.
  • Avoid accessing or modifying data that does not belong to you.
  • Avoid disrupting services, degrading performance, or conducting denial-of-service (DoS) testing.
  • Give us reasonable time to investigate and resolve the issue before publicly sharing any details.
  • Follow all legal and ethical guidelines when conducting research.

Safe Harbor

Digitamize Inc. welcomes security research conducted in good faith. We will not pursue legal action against researchers who:

  • Follow this Responsible Disclosure Policy.
  • Do not intentionally harm Digitamize Inc. or its customers.
  • Do not attempt to access data without authorization.
  • Do not exploit, share, sell, or misuse discovered vulnerabilities.
If in doubt, please contact us first.

Out-of-Scope Activities

The following are strictly prohibited:

  • Social engineering attacks (including phishing or impersonation of employees).
  • Physical security testing of facilities or office locations.
  • Attacks against third-party providers or cloud infrastructure not owned by Digitamize Inc.
  • Automated scanning, that may impact service availability.
  • Attempts to access customer data or confidential information.

Recognition

Currently, Digitamize Inc. does not operate a public bug bounty program. However, we may choose to acknowledge researchers who responsibly disclose validated vulnerabilities, subject to our discretion and permission.

  • Avoid exploiting vulnerability beyond the minimum necessary for proof of concept.
  • Avoid accessing or modifying data that does not belong to you.
  • Avoid disrupting services, degrading performance, or conducting denial-of-service (DoS) testing.
  • Give us reasonable time to investigate and resolve the issue before publicly sharing any details.
  • Follow all legal and ethical guidelines when conducting research.

What You Can Expect

Once a vulnerability is reported:

  • You will receive an acknowledgment within 5 business days.
  • We will evaluate and validate the report.
  • If confirmed, we will prioritize remediation based on severity and impact.
  • We may request additional information if needed.
  • Once resolved, we will notify you of the fix.

Thank You

Digitamize Inc. appreciates the efforts of the security community in keeping our platform safe. Your responsible reporting helps us better protect our customers and continuously improve our services.