Vulnerability Disclosure
Responsible Disclosure Policy
We value the security community and encourage responsible disclosure of any vulnerabilities found in our systems.
Our Commitment to Security
Inspirable LLC takes the security of our systems and our clients' data seriously. We maintain SOC 2 Type II compliance and employ rigorous security practices across all of our infrastructure. We welcome responsible security research and appreciate the efforts of security researchers who help us maintain the highest standards of protection.
How to Report a Vulnerability
If you believe you have discovered a security vulnerability in any Inspirable-owned system or website, please report it to us as soon as possible. Send your report to:
Email: [email protected]
Please include as much of the following information as possible to help us understand and address the issue quickly: a description of the vulnerability, steps to reproduce the issue, the potential impact of the vulnerability, and any proof-of-concept code or screenshots.
What to Include in Your Report
A good vulnerability report helps us understand and fix the issue faster. Please include:
- A detailed description of the vulnerability and its potential impact
- Step-by-step instructions to reproduce the issue
- The URL(s) or system(s) affected
- Any tools, scripts, or proof-of-concept code used to discover the issue
- Your contact information for follow-up questions
Scope
This vulnerability disclosure policy applies to the following systems and services:
- inspirable.com and all subdomains
- Web applications and infrastructure managed by Inspirable LLC
- APIs and services operated by Inspirable LLC
This policy does not apply to third-party services, systems hosted by our clients, or any systems not owned or operated by Inspirable LLC.
Safe Harbor
Inspirable LLC supports responsible security research. We will not take legal action against security researchers who discover and report vulnerabilities in good faith and in accordance with this policy. To qualify for safe harbor, researchers must:
- Make a good-faith effort to avoid privacy violations, destruction of data, and interruption of services
- Only interact with accounts they own or with explicit permission from the account holder
- Not exploit a vulnerability beyond what is necessary to demonstrate the issue
- Report the vulnerability promptly and not disclose it publicly until we have had reasonable time to address it
- Not use the vulnerability to access, modify, or delete data belonging to other users
Our Response
When you submit a vulnerability report, you can expect the following from our security team:
- Acknowledgment of your report within 3 business days
- An initial assessment of the reported vulnerability within 10 business days
- Regular updates on the status of the fix
- Notification when the vulnerability has been remediated
We ask that you allow us a reasonable amount of time to investigate and address the vulnerability before making any public disclosure. We are committed to transparent communication throughout the process.
Out of Scope
The following types of findings are generally considered out of scope:
- Denial-of-service (DoS or DDoS) attacks
- Social engineering or phishing attacks against Inspirable employees or clients
- Physical attacks against Inspirable offices or data centers
- Issues in third-party software or services that we do not control
- Spam or email best-practice findings (SPF, DKIM, DMARC configuration)
- Missing HTTP security headers that do not lead to a demonstrable vulnerability
Report vulnerabilities to [email protected]. For general inquiries, contact [email protected].
Inspirable LLC · Bellevue, WA