Vulnerability Disclosure

Primero AI welcomes responsible disclosure of security vulnerabilities. If you believe you have found a security issue, please report it so we can investigate and fix it.

Prefer email? Reach us at security@primero.ai.

Safe Harbor

• Make a good-faith effort to avoid privacy violations, data destruction, or service disruption.
• Only access data necessary to demonstrate the vulnerability.
• Report the vulnerability promptly and allow reasonable time for remediation.

Please do not:

• Conduct denial-of-service testing.
• Access or modify other users’ data.
• Use social engineering, phishing, or physical attacks.

Scope

In scope: Primero AI web applications, APIs, and services owned or operated by Primero AI.

Out of scope: Third-party services or integrations not owned by Primero AI.

Response Timeline

• Acknowledgement within 3 business days
• Initial triage within 7 business days

Bounty Policy

At this time, Primero AI does not offer monetary rewards.

Last updated: January 27, 2026