Legal
Security Policy
How to report security issues responsibly.
Report a Vulnerability
Email admin@cordum.io with a clear description, impact, and steps to reproduce. We acknowledge reports within two business days.
In Scope
- cordum.io website
- Cordum control plane and docs
- Public APIs and endpoints we operate
Out of Scope
- Denial of service or load testing
- Social engineering or phishing
- Third-party services we do not control
Please avoid accessing or modifying user data and do not test on production systems without explicit permission. Good-faith reports are welcome.