Security

and Responsible Disclosure Policy

How you can help us keep users safe

We recognise the importance of responsible vulnerability reporting and collaboration with the security community.
You might also want to read...

Last Updated: July 15, 2026

Negative PID is committed to maintaining the security and integrity of our website, online services, and customer-facing systems.

As a company providing cybersecurity, digital investigations, and privacy services, we recognise the importance of responsible vulnerability reporting and collaboration with the security community.

Negative PID welcomes responsible reports from individuals who identify genuine security vulnerabilities affecting our website or services. This policy is intended for responsible disclosure of security issues and is not a solicitation for security testing services or a bug bounty programme. 

This Responsible Disclosure Policy applies to security vulnerabilities identified in:

  • the Negative PID website;
  • publicly available online services operated by Negative PID;
  • online forms and digital resources provided through our website.

If you are unsure whether a system is within scope, please contact us before conducting any testing.

If you perform security research against systems covered by this policy, we ask that you:

  • act responsibly and ethically;
  • avoid accessing, modifying, deleting, or disclosing data belonging to other users;
  • avoid disrupting the availability or performance of our services;
  • only test systems where you have appropriate authorisation;
  • limit testing to the minimum activity necessary to demonstrate the issue;
  • protect any information discovered during testing. 

Security testing performed without prior authorisation must not involve exploitation, access to non-public information, disruption of services, or activities that could affect website availability or user privacy.

Unless explicitly agreed in writing, this policy does not authorise:

  • penetration testing against Negative PID systems;
  • automated vulnerability scanning that may impact availability;
  • denial-of-service testing;
  • social engineering attempts;
  • phishing campaigns;
  • attempts to access, modify, or extract data;
  • testing involving third parties connected to Negative PID services.

Unauthorised access or testing may violate applicable laws and may be subject to investigation.

If you believe you have identified a security vulnerability, please report it to:

Email: security@negativepid.com

Please include, where possible:

  • a description of the vulnerability;
  • the affected website page, service, or component;
  • steps required to reproduce the issue;
  • screenshots, logs, or supporting technical details;
  • the potential impact;
  • any suggested remediation steps.

Reports should contain sufficient technical information to allow Negative PID to validate the issue. Reports without evidence, reproducible steps, or sufficient technical details may not be investigated.

Please do not include sensitive personal data, credentials, or confidential information unless necessary to demonstrate the issue.

When we receive a security report, we will:

  • acknowledge receipt where possible;
  • review the reported issue;
  • investigate and validate the finding;
  • take appropriate remediation steps where required;
  • communicate relevant updates where appropriate.

Response times may vary depending on the complexity and severity of the issue.

We encourage responsible coordination before publicly disclosing security vulnerabilities.

Please allow us reasonable time to investigate and address a reported issue before sharing details publicly.

We appreciate security researchers who provide information that helps improve the security of our services.

Where a security researcher follows this policy and acts in good faith, Negative PID will:

  • consider the report constructively;
  • avoid unnecessary legal action related solely to the responsible disclosure activity;
  • work collaboratively to understand and resolve legitimate security concerns.

This does not apply to activities involving malicious intent, unauthorised access, data misuse, disruption of services, or violations of applicable law.

Negative PID does not currently operate a bug bounty programme and does not offer financial rewards or compensation for vulnerability reports submitted under this Responsible Disclosure Policy.

By submitting a security report, you acknowledge that:

  • the submission is voluntary;
  • no payment, reward, or other compensation is guaranteed;
  • submitting a report does not create a contractual relationship with Negative PID;
  • Negative PID is under no obligation to implement suggested changes, provide detailed follow-up, or publicly acknowledge the report;
  • any consideration of a report is entirely at Negative PID's discretion.

We appreciate individuals who responsibly report genuine security issues and may acknowledge valuable contributions where appropriate.

Reports submitted primarily to request payment, services, publicity, or commercial engagement may not receive a response.

Reported vulnerabilities may be assessed based on factors including:

  • potential impact;
  • affected systems;
  • likelihood of exploitation;
  • data exposure risk;
  • availability of mitigations.

Not every reported issue will require remediation. Some reports may relate to expected behaviour, configuration choices, third-party services, or low-risk findings.

Negative PID uses third-party services and infrastructure providers to operate certain website functions.

If you identify a vulnerability relating to a third-party service, please report it directly to the relevant provider where appropriate.

If the issue affects Negative PID's use of that service, you may also notify us.

For security-related reports:

Negative PID
Email: security@negativepid.com
Website: https://negativepid.com

For general privacy enquiries or data protection requests, please use:

Email: privacy@negativepid.com

We may update this Responsible Disclosure Policy from time to time to reflect changes in our services, security practices, or operational requirements.

The latest version will always be published on this page.

Secret Link
Negative PID
Privacy Overview

Please refer to our Privacy Policy.