Report a vulnerability — we’ll work with you.
Eve-Legal, LLC welcomes reports of security vulnerabilities in JustineAI™. Because the Platform holds privileged legal and medical data, we take every report seriously and respond quickly. This policy explains how to report, what’s in scope, and the good-faith commitment we make to researchers.
1. How to report
Email security@mindhyve.ai, or submit our contact form and note “security vulnerability.” Include the affected URL or endpoint, a description of the issue, reproduction steps, and any proof-of-concept. Please do not include real client or matter data in your report. Encrypt sensitive details on request.
2. Safe harbor
We will not pursue legal action against researchers who act in good faith, avoid privacy violations and service disruption, do not access or exfiltrate data beyond the minimum needed to demonstrate the issue, and give us a reasonable opportunity to remediate before public disclosure. Activity consistent with this policy is authorized; we consider it help, not intrusion.
3. Scope
In scope: the JustineAI™ production application and API, and this marketing site. Out of scope: the underlying Microsoft Azure platform (report to Microsoft), third-party services, denial-of-service testing, social engineering, physical attacks, and findings that require a compromised device or a privileged internal account.
4. What to expect
We acknowledge reports promptly, trace and validate the issue, keep you updated on remediation, and credit reporters who wish to be named once the fix has shipped. We do not currently run a paid bug-bounty program; we handle reports through coordinated disclosure.
5. Please do not
Access, modify, or delete data that is not yours; degrade or interrupt the service; attempt to phish or socially engineer our people or customers; or disclose a vulnerability publicly before we have had a reasonable opportunity to remediate.