
Vulnerability Disclosure Policy.

If you've found a security issue in ShieldMind, please report it to bd@dtrasglobal.com. We'll acknowledge within 2 business days, keep you updated, and never pursue legal action against good-faith research.

Last updated · June 5, 2026
Contents
01 Scope
02 How to report
03 What you can expect from us
04 Safe harbor
05 Bug bounty
06 Severity & response timelines

01 Scope

In scope: any production ShieldMind asset — the website (theshieldmind.com), the dashboard (app.theshieldmind.com), the API (api.theshieldmind.com), the macOS / Windows / Linux agents, and the browser extension.

Out of scope: physical security, social engineering against ShieldMind employees, denial-of-service tests against our infrastructure, automated scanner reports without manual validation, and findings on third-party services we do not control (Supabase, Railway, Vercel, WorkOS — report those to the relevant vendor).

02 How to report

Email bd@dtrasglobal.com. PGP key available at /.well-known/pgp-key.txt for sensitive reports.

Please include: a clear description of the issue, steps to reproduce, the impact you believe it has, and any proof-of-concept. Screenshots and video help.

Do NOT: access, modify, or destroy data that doesn't belong to you; pivot from one finding into accessing other customers' data; publicly disclose before we've had a chance to remediate.

03 What you can expect from us

Acknowledgment within 2 business days.

An initial severity assessment within 5 business days.

Regular updates as we triage and remediate.

Public credit on /security/acknowledgments if you'd like (or anonymous if you prefer).

No legal action against good-faith security research conducted within this policy.

04 Safe harbor

We consider security research conducted in line with this policy to be authorized under the Computer Fraud and Abuse Act (US), the Computer Misuse Act (UK), the IT Act 2000 (India), and equivalent statutes. We won't pursue civil or criminal action against researchers acting in good faith. If a third party (e.g. a cloud provider) takes action against you for activity covered by this policy, we will publicly state that your activity was authorized.

05 Bug bounty

We run a private bug bounty program on HackerOne. Submit a quality report via this policy, and we'll invite you to the bounty program where qualifying issues earn cash awards.

06 Severity & response timelines

Critical (auth bypass, RCE, mass-data exposure): patch within 7 days.

High (privilege escalation, tenant-isolation break): patch within 14 days.

Medium (sensitive info leak, CSRF on impactful action): patch within 30 days.

Low (rate limits, missing security headers): patch within 60 days.

Questions about this document? Email bd@dtrasglobal.com — we reply within 2 business days.

© 2026 DTRAS-G Solutions Private Limited. All rights reserved. ShieldMind® is a brand operated by DTRAS-G Solutions Private Limited.