Security Policy

Security Policy

How to report vulnerabilities and help keep our systems secure.

How to report vulnerabilities and help keep our systems secure.

Last updated on

Last updated on

Scope and Authorization

Pacer Intelligence Inc. (“Pacer Intelligence,” “we,” “us,” or “our”) welcomes responsible security vulnerability reports regarding our public-facing infrastructure, including our website, platform, applications, APIs, and related endpoints at:

*.pacerintelligence.ai

Security researchers must conduct testing in a manner that does not disrupt service availability, degrade performance, compromise customer data, or access systems or information beyond what is necessary to verify a vulnerability.

Vulnerability Reporting Process

To submit a security vulnerability report, please:

  1. Send detailed findings only to: security@pacerintelligence.ai

  2. Include clear reproduction steps, impact assessment, affected systems, and supporting evidence.

  3. Follow responsible disclosure practices by allowing us sufficient time to investigate and remediate before any public disclosure.

Important: We only accept and respond to vulnerability reports submitted by email to security@pacerintelligence.ai. Reports submitted through other channels, including social media, messaging apps, community forums, personal email addresses, or support channels, will not be considered valid submissions and are not eligible for rewards or acknowledgment.

For encrypted communications, please use our PGP key available at:

https://pacerintelligence.ai/security

Security Contact Information

Our security contact information and PGP public key for encrypted communications are available at:

https://pacerintelligence.ai/security

We encourage researchers to use PGP encryption when sharing sensitive vulnerability details.

Our Commitment

Pacer Intelligence is committed to:

  • acknowledging valid reports within 2 business days;

  • providing status updates during the resolution process where appropriate;

  • recognizing contributors for verified submissions, with explicit consent;

  • offering safe harbor protection for good-faith security research conducted within these guidelines.

Prohibited Testing Activities

The following activities are expressly prohibited:

  • denial-of-service or distributed denial-of-service testing;

  • any activity that degrades, disrupts, or impairs system availability;

  • social engineering attacks targeting employees, contractors, customers, or users;

  • phishing, spam, or credential-harvesting attempts;

  • physical security testing of our offices, facilities, or vendors;

  • automated vulnerability scanning without prior written authorization;

  • accessing, modifying, deleting, copying, or exfiltrating data that does not belong to you;

  • attempting to establish persistence or pivot to other systems;

  • testing third-party services, integrations, or vendors outside our authorization.

Resolution Timeframes

We strive to address verified security vulnerabilities according to the following target timeframes:



Severity

Target Resolution

Critical

24–48 hours

High

7 business days

Medium

14 business days

Low

30 business days

These timeframes are targets and may vary depending on complexity, dependencies, third-party involvement, and required validation.

Vulnerability Rewards

Pacer Intelligence may provide compensation for valid security vulnerability reports.

Reward amounts are determined based on:

  • severity of the vulnerability;

  • quality and completeness of the report;

  • clarity of reproduction steps;

  • potential impact on our systems, customers, and users;

  • whether the vulnerability was previously unknown.

Each submission is evaluated individually. Final reward determinations are made at the sole discretion of the Pacer Intelligence security team.

Eligibility for Rewards

To be eligible for compensation:

  • the vulnerability must be previously unknown to us;

  • the vulnerability must be verified by our security team;

  • the report must include sufficient information to reproduce and validate the issue;

  • the researcher must comply with this Security Policy;

  • the vulnerability must represent a genuine security risk;

  • the researcher must not access, alter, destroy, disclose, or exfiltrate customer data;

  • the researcher must not use disruptive or prohibited testing methods.

Safe Harbor

We will not pursue legal action against researchers who conduct security research in good faith, comply with this Security Policy, avoid privacy violations and service disruption, and promptly report discovered vulnerabilities to us.

Safe harbor does not apply to activity that violates this policy, applicable law, third-party rights, or the security of users, customers, or systems outside the authorized scope.

Identity Verification and Payment Process

Pacer Intelligence reserves the right to conduct Know Your Customer, sanctions, tax, and payment verification checks for reward recipients.

This process helps us:

  • comply with applicable laws and regulations;

  • prevent fraud;

  • process payments correctly;

  • comply with sanctions, export control, tax, and anti-money laundering requirements.

To receive payment, you may be required to provide:

  • legal name and address;

  • government-issued identification;

  • tax information relevant to your jurisdiction;

  • payment details;

  • other documentation required by applicable regulations or our payment providers.

All personal information collected during this process will be handled in accordance with our Privacy Policy and applicable data protection laws.

Contact

For security reports and vulnerability submissions, contact:

Pacer Intelligence Inc.
251 Little Falls Drive
Wilmington, DE 19808
United States

Security: security@pacerintelligence.ai
Legal: legal@pacerintelligence.ai
Website: www.pacerintelligence.ai
PGP Key: https://pacerintelligence.ai/security

Operate your own AI lab.

© 2026 Pacer Intelligence Inc. · Built in SAN FRANCISCO

System status · OperationaL

System status · OperationaL

v 2026.5

v 2026.5