Reporting a Vulnerability
If you believe you've identified a security issue in our systems, we encourage you to reach out. Please send a detailed report to contact@lucidact.com.
To help us respond effectively, include:
Location
The website, IP address, or specific page where the issue was found.
Vulnerability Type
A clear description of the type of vulnerability (e.g., XSS, SQL injection).
Steps to Reproduce
Step-by-step instructions to reproduce the issue and any supporting proof of concept (non-destructive only).
The more clarity you provide, the faster we can act.
What You Can Expect From Us
We take every valid report seriously. Here's what you can expect after submitting:
Acknowledgment & Triage
We'll confirm receipt of your report and assess its validity and severity.
Response Within 5 Days
A response within 5 working days for all valid submissions.
Investigation & Resolution
Continuous efforts to investigate and resolve the reported issue promptly.
Remediation Notification
A notification once the vulnerability has been successfully resolved.
To ensure efficiency, we may not respond to duplicate reports, non-issues, or submissions without actionable details.
Responsible Disclosure Guidelines
To help us maintain a safe and secure environment for everyone, we ask that you follow these guidelines when conducting security research:
- Follow all applicable laws and regulations
- Avoid accessing, altering, or exposing data without authorization
- Do not disrupt or degrade our services or systems
- Use non-destructive testing methods only
- Keep all vulnerability details confidential until resolved
This ensures that vulnerabilities can be addressed without unintended harm to our patients or platform.
Legal Safe Harbor
We aim to align with widely accepted responsible disclosure practices. However, this policy does not permit actions that:
- Violate any laws or regulations
- Lead to unauthorized access, data breaches, or service disruption
- Cause LucidAct Health to be in breach of its legal obligations
We encourage ethical, responsible research conducted with care and in good faith.
Recognition
While we do not offer monetary rewards, we deeply appreciate the time and expertise you invest in helping us improve. With your permission, we will proudly acknowledge your contribution on our website โ because your effort helps make healthcare safer for everyone.
Contact & Follow-Up
For submissions or follow-ups on existing reports, please contact our security team directly at contact@lucidact.com. We appreciate your contribution to making LucidAct Health safer for everyone.