Responsible Disclosure Policy

Effective Date: June 1, 2025

Last Reviewed: June 1, 2025

Data security is a top priority for Orum, and we believe that working with skilled security researchers can identify weaknesses in any technology. If you believe you've found a security vulnerability in Orum's service, please notify us and we will work with you to resolve the issue promptly. A monetary reward or a form of compensation for valid findings is up to the discretion of the Orum staff.

Disclosure Policy

• If you believe you've discovered a potential vulnerability, please let us know by emailing us at security@orum.com.
• Refrain from disclosing it to the public or a third party.
• Do not violate privacy, destroy data, or degrade the Orum application or services. Please only interact with accounts you own.

Exclusions

While researching, do not perform the following actions:

• Distributed Denial of Service (DDoS)
• Spamming
• Social engineering or phishing of Orum employees or contractors
• Any attacks against Orum's physical property or data centers

Disciplinary Action

Bug bounty hunters or security researchers who violate this policy may face legal consequences.

Thank you for helping to keep Orum users safe!