Vulnerability Disclosure Policy

1. Scope

• In scope: timelygrader.ai, api.timelygrader.ai, mobile apps (iOS/Android).
• Out of scope: physical attacks, social engineering, DoS or spam.

2. Safe Harbor

We pledge not to initiate legal action against anyone acting in good faith. Please avoid manipulative or destructive testing.

3. How to Report

Send your report via email to security@timelygrader.ai. You can encrypt your report with our PGP key: pgp-key.asc.

4. Response & Remediation

• Acknowledgment: within 5 business days.
• Initial triage & status update: within 15 business days.
• Resolution timeline: typically within 90 days, depending on severity.

5. Acknowledgements

View our hall of fame: Acknowledgements Page

6. Legal

By submitting a vulnerability, you agree to our terms and acknowledge you will not violate any laws.