← Back to Home

Vulnerability Disclosure Policy

Last updated: February 15, 2026

Last updated: 15 February 2026

1. Introduction

PureTensor Ltd welcomes reports of security vulnerabilities in our websites, services, and infrastructure. We are committed to working with security researchers to verify and address potential vulnerabilities.

2. Scope

In Scope: puretensor.co.uk and all subdomains, any publicly accessible PureTensor infrastructure, and PureTensor-developed tools and software.

Out of Scope: Third-party services linked from our site, social engineering attacks against employees, physical security assessments, denial of service (DoS/DDoS) testing, spam or email-based attacks, and client systems and infrastructure.

3. How to Report

Send your report to: security@puretensor.ai (or ops@puretensor.ai with "Security Vulnerability Report" in the subject line).

Include: description of the vulnerability and potential impact, steps to reproduce, your assessment of severity, and your contact information (anonymous reports accepted).

4. What We Ask of You

Act in good faith. Do not exploit vulnerabilities beyond demonstration. Do not access, modify, or delete data belonging to others. Do not disrupt services. Report promptly. Allow reasonable time for remediation before public disclosure. Comply with the Computer Misuse Act 1990.

5. What We Commit To

Acknowledgement within 3 business days. Initial assessment within 10 business days. Ongoing communication on progress. Critical vulnerabilities remediated within 30 days, others within 90 days. No legal action against researchers who comply with this policy. Credit with your permission.

6. Safe Harbour

Security research conducted in accordance with this policy is considered authorised with respect to the Computer Misuse Act 1990 and conducted in good faith. If legal action is initiated by a third party, we will make known that your actions complied with this policy.

7. Disclosure

We follow coordinated disclosure principles. We ask that you do not publicly disclose until we have had reasonable opportunity to address the vulnerability. We will coordinate timing and content of any public disclosure.

8. Recognition

We do not currently operate a paid bug bounty programme. With your consent, we will credit you by name or alias in any advisory and provide a letter of acknowledgement.

9. References

This policy is aligned with the NCSC Vulnerability Disclosure Toolkit, ISO/IEC 29147:2018, and disclose.io Safe Harbor.

10. Contact

Security reports: security@puretensor.ai. General enquiries: ops@puretensor.ai. PureTensor Ltd, 71-75 Shelton Street, Covent Garden, London WC2H 9JQ, United Kingdom.