Security Disclosure Policy

1. Scope

This policy applies to all production services operated by Apivom Technology FZ-LLC under the apivom.com domain and its subdomains, including the Apivom MCP endpoint at apivom.com/mcp.

2. Reporting a Vulnerability

If you believe you have found a security vulnerability, please report it to us privately before any public disclosure.

• Email: security@apivom.com
• WhatsApp: +971 56 859 5876

Please include: affected endpoint or component, reproduction steps, observed impact, and your contact details.

3. Machine-Readable Record (RFC 9116)

Our security.txt is published at /.well-known/security.txt.

4. Our Commitment

• We acknowledge reports within two business days.
• We investigate and triage within five business days.
• We coordinate disclosure timelines with the reporter.
• We do not pursue legal action against good-faith researchers who follow this policy.

5. Out of Scope

• Denial-of-service testing against production.
• Social engineering of Apivom employees or customers.
• Physical attacks against Apivom or its data-center providers.
• Reports generated solely by automated scanners with no validated impact.

6. Contact

Apivom Technology FZ-LLC

DMC-BLD-VD-G00-706, Building 5, Dubai Media City, Al Sofouh Second, Dubai, UAE

Security: security@apivom.com

General: info@apivom.com