InsightGig Responsible Disclosure Policy
Effective Date: 15th Aug 2025
1. Purpose
InsightGig is committed to maintaining the security and integrity of our Operating Layer and protecting the data and privacy of our users. We recognize the valuable role that independent security researchers play in this process. This Responsible Disclosure Policy outlines our commitment to working with the security community and provides guidelines for reporting potential security vulnerabilities.
2. Scope
This policy applies to vulnerabilities discovered in the InsightGig Operating Layer and related services, including: web applications, APIs, AI agent interfaces, user account systems, and data storage mechanisms operated under the insightgig.com domain.
3. Reporting a Vulnerability
If you believe you have discovered a security vulnerability, we encourage you to report it to us as soon as possible by emailing security@insightgig.com. Please include the following in your report:
- A detailed description of the vulnerability
- Steps to reproduce the issue
- Potential impact and risk level
- Any proof-of-concept code or screenshots
- Your contact information (optional, if you wish to receive acknowledgment or updates)
4. Our Commitments to Researchers
InsightGig pledges to:
- Acknowledge receipt of your report within 5 business days
- Investigate and validate reported issues in a timely manner
- Work to remediate confirmed vulnerabilities promptly
- Provide updates on the status of your report
- Credit you publicly for valid reports, if desired and appropriate
- Not pursue legal action against you if you follow this policy in good faith
5. Researcher Expectations
To be eligible for recognition and to remain within safe harbor, researchers must:
- Avoid accessing or modifying user data without explicit permission
- Not disrupt or degrade our services
- Use test accounts where possible and avoid impacting production systems
- Refrain from using automated tools that generate excessive traffic
- Not exploit vulnerabilities for personal gain
- Give us reasonable time to fix issues before publicly disclosing them
6. Out of Scope
The following issues are outside the scope of this policy:
- Clickjacking on pages with no sensitive content
- Missing rate limiting or brute-force protection on non-authenticated endpoints
- Disclosure of public or non-sensitive information
- Self-XSS (user-caused XSS without a direct security impact)
- Issues requiring social engineering
- SPF, DKIM, or DMARC issues without clear exploitability
7. Legal Safe Harbor
If you act in good faith and comply with this policy, we will consider your research authorized and will not initiate legal action against you. This applies to research conducted in a manner that avoids harm to InsightGig, its users, and the broader community. We welcome responsible disclosure and aim to build trust and collaboration with the security research community.
8. Updates to This Policy
We may revise this policy from time to time. The most current version will be available at insightgig.com or by request. Significant updates will be communicated via our official communication channels.
9. Contact
To report a security issue or ask questions about this policy, please contact us at:
Email: hello@insightgig.com
Address: 651 N Broad St, Suite 201, Middletown, New Castle County, DE 19709