# Responsible disclosure

> **Draft — for review before publishing.** Confirm the security contact address and any safe-harbour wording with your legal advisers before this is relied upon.

We take the security of studios' data seriously and welcome good-faith reports from security researchers and users.

## How to report

Email **<security@kula.digital>** with:

* A description of the issue and where you found it.
* Steps to reproduce (proof-of-concept, requests, screenshots).
* The potential impact as you see it.

If you need to share sensitive details, ask in your first message and we'll arrange an encrypted channel.

## What to expect

* We aim to **acknowledge** your report within a few business days.
* We'll keep you updated on our assessment and the fix.
* With your permission, we're happy to credit you once the issue is resolved.

## Good-faith guidelines

Please help us keep studios' data safe while you research:

* **Only test against your own account or data**, or a test account we provide. Never access, modify, or exfiltrate another studio's data.
* **Don't run** denial-of-service tests, spam, or social-engineering against our staff or users.
* **Give us reasonable time** to fix an issue before disclosing it publicly.

We will not pursue or support legal action against researchers who act in good faith and follow these guidelines.

## Out of scope

Reports that are typically not actionable on their own: missing security headers without a demonstrated impact, rate-limiting on non-sensitive endpoints, and findings that require a compromised device or an already-privileged account. When in doubt, send it anyway — we'd rather hear about it.

## A note for connected AI clients

Kula Intelligence is read-mostly and tightly scoped by design — it moves no money and writes nothing back to your connected tools (see [Security & data handling](/trust-and-legal/security.md)). If you believe a tool behaves outside those bounds, that's exactly the kind of report we want.

