pichonia-policies

Responsible Disclosure – Trading AI

Last updated: 2025-11-04

1. Purpose

We welcome responsible security research and coordinated disclosure for the Trading AI product and services.

2. Scope

Report vulnerabilities affecting the Trading AI web app, APIs, model endpoints, or infrastructure owned by Pichonia. Third-party data providers/brokers may be out of scope but we will coordinate when possible.

3. How to Report

• Email: security@pichonia.com or info@pichonia.com
• Provide clear reproduction steps, endpoints, sample payloads, logs, and screenshots.
• Please keep findings confidential until remediation or explicit permission.

4. Research Guidelines

• Do not access or modify other users’ data.
• Avoid service degradation; rate-limit your tests.
• No ransom, extortion, or public pressure tactics.

5. Our Commitment

• Initial acknowledgement within 72 hours.
• Transparent status updates and prioritised remediation.
• Optional researcher credit after fix (with your consent).

6. Safe Harbor

Good-faith research within this policy will not be pursued legally by Pichonia.

7. Out of Scope

• Social engineering, physical attacks, or DDoS.
• Theoretical issues without realistic exploitability.
• UI/UX bugs without security impact.

8. Contact

security@pichonia.com · info@pichonia.com