Responsible Disclosure
If you've discovered a security vulnerability affecting acglass.com or any ACG digital surface, we'd like to hear about it.
How to Report
Email [email protected] with:
- A description of the vulnerability
- Steps to reproduce
- The affected URL or endpoint
- Any proof-of-concept code or screenshots
- Your name (for attribution if you'd like it)
Our Response
- We'll acknowledge your report within 48 business hours.
- We'll provide a status update within 7 business days.
- We'll credit you publicly (with permission) once the issue is resolved.
- We do not currently offer monetary bounties, but we treat every report seriously.
Scope
In scope: acglass.com (production), acglass.ai (redirect), all subdomains, and assets served from these domains.
Out of scope: third-party services we use (Google Analytics, GitHub Pages, Cloudflare, Formspree). Please report those to the respective vendors.
Safe Harbor
If you make a good-faith effort to comply with this policy during your security research, we will consider your research to be authorized. We will not pursue civil action or initiate a complaint to law enforcement.
Please do not access, modify, or destroy data that is not your own. Do not perform tests that could degrade service for our users.
Machine-readable: /.well-known/security.txt
Last reviewed: April 2026 · Next review: April 2027