# Reporting Security Issues

Cloud Premises Technologies takes all security reports seriously. If you discover a potential security vulnerability in our **SaaS products, SAP services, cloud infrastructure, or any associated enterprise services**, please report it **directly and securely** to our security team at:

**Email:** security@cloudpremises.org  
**PGP Key:** Available upon request for encrypted communication  
**Security Portal:** [security.cloudpremises.org](https://security.cloudpremises.org)

Please **do not disclose security vulnerabilities publicly** through social media, forums, or public repositories, as this may expose our enterprise clients to significant risk.

## Our Commitment

We will:

- Acknowledge your report within 24 business hours
- Conduct a thorough investigation and provide regular updates
- Work with our engineering teams to address confirmed vulnerabilities
- Coordinate disclosure timelines with affected enterprise clients
- Recognize and credit security researchers who responsibly disclose vulnerabilities

## Scope

This policy applies to:
- All Cloud Premises SaaS products and platforms
- SAP implementation and consulting services
- Cloud infrastructure and API endpoints
- Corporate website and client portals
- Mobile applications and integrations

## Out of Scope
- Third-party services and integrations
- Feature requests and UI/UX improvements
- Non-security related bugs
- Social engineering attacks

**Safe Harbor:** We welcome good-faith security research and will not pursue legal action against researchers who:
- Conduct security research in accordance with this policy
- Avoid privacy violations, data destruction, and service interruption
- Provide reasonable time for remediation before public disclosure
- Make no demands for compensation or bounty payments

For enterprise clients with specific security compliance requirements, please contact your designated security liaison or account manager.