RHM DigitalRHM Digital← Back to home

Legal

Vulnerability Disclosure Policy

Last updated: July 2026

We appreciate the work of security researchers who help keep RHM Digital safe. This policy describes how to report a suspected vulnerability and what you can expect from us in return.

1. How to report

Send a report to info@rhmdigital.com with a clear description of the vulnerability, the steps to reproduce it, and any proof-of-concept material needed to understand its impact.

2. What we ask of you

  • Give us a reasonable amount of time to investigate and remediate before disclosing the issue publicly
  • Avoid accessing, modifying, or deleting data that does not belong to you
  • Do not run automated scanning tools that could degrade service for other customers
  • Do not attempt social engineering, phishing, or physical attacks against our staff or offices
  • Act in good faith and avoid privacy violations or service disruption

3. What you can expect from us

  • An acknowledgment of your report within 5 business days
  • An assessment of severity and, where applicable, an estimated remediation timeline
  • Credit for your discovery, if you would like it and once the issue is resolved
  • No legal action against researchers who follow this policy in good faith

4. Scope

This policy covers the RHM Digital web application and API. It does not cover third-party services we integrate with (such as our AI model providers, authentication provider, or payment provider), which should be reported directly to those vendors.

Related documents

Security Overview
How we protect customer data.
© 2026 RHM Digital
Legal CenterPrivacyTermsSecurityDPAAI TransparencyResponsible AIData RetentionService LevelCookie PolicyCopyrightContact