Security & Compliance
Vulnerability Disclosure Policy
How researchers can report security issues safely and what to expect.
- Status
- Active
- Effective
- June 3, 2026
- Owner
- Chief Information Security Officer
Reporting
Email security@nyrava.dev with reproduction steps. PGP key available on request.
Safe Harbor
Good-faith research that respects scope and user privacy will not result in legal action.
Out of Scope
Social engineering, physical attacks, denial-of-service, and any testing against production inmate or attorney data.