Security
Report a Security Concern
If you believe you've identified a security issue involving Tercion systems, websites, email, or domains, we want to hear from you.
Tercion takes the security of our systems, our clients, and the people we work with seriously. This page exists so that clients, researchers, vendors, partners, and members of the public have a clear, direct way to report suspected security issues involving Tercion infrastructure, websites, email, or domains.
When to Report a Security Concern
Please report if you have observed:
- A suspected vulnerability in a Tercion website, application, or system
- Evidence of unauthorized access to, or compromise of, a Tercion system or account
- A suspicious email, phishing attempt, or domain impersonating Tercion
- Exposed or unintentionally disclosed data involving Tercion systems
- Any other activity that may indicate a security risk to Tercion or the people we serve
What to Include in Your Report
A useful report typically includes:
- A clear description of what you observed and why it concerns you
- The specific system, URL, domain, or email address involved
- Steps to reproduce or observe the issue, if applicable
- The date and time you observed the activity
- Any supporting evidence, such as a screenshot or log excerpt, that doesn't itself contain sensitive information
- Your contact information, so we can follow up with questions
What Not to Submit
To protect you and us, please do not include the following in a report submitted through this page or by email:
- Classified, controlled unclassified (CUI), or export-controlled information
- Sensitive personal information belonging to yourself or others (for example, Social Security numbers, financial account numbers, or health information)
- Proprietary or confidential information belonging to a third party
- Data obtained by accessing, modifying, or exfiltrating more than necessary to demonstrate an issue
- Results of automated scanning, load testing, or any activity that could degrade service availability for others
If a report requires sharing something in one of these categories to be understood, please describe it in general terms and let us coordinate a secure way to review specifics.
Responsible Disclosure Expectations
We ask that anyone reporting a security concern:
- Give us a reasonable opportunity to investigate and address the issue before any public disclosure
- Act in good faith, avoid privacy violations, and avoid service disruption
- Report through the channels on this page rather than a public forum or social media
This is not a bug bounty program. We do not offer financial rewards, compensation, or public recognition for reports submitted through this page or to security@tercion.com. We do commit to acknowledging legitimate reports and communicating in good faith with the people who send them.
Not for Emergencies or Law Enforcement Requests
This page is for reporting security concerns for review and investigation. It is not monitored for emergencies and is not a substitute for contacting law enforcement. If you're facing an active threat to life or safety, contact local emergency services. If you're a law enforcement agency with a legal request, please use the appropriate legal process rather than this form.
Contact
You can also reach us directly at security@tercion.com instead of using the form below.
Privacy
Information submitted through this page is used only to investigate and respond to the report. See our Privacy Policy for details on how we handle information submitted through this site.
Submit a Report
Describe the concern and how we can verify it.
Fields marked required are needed for us to investigate. Please review the sections above before submitting.
