Security & Responsible Disclosure

Origami Precision takes the security of our systems and customer data seriously.

If you believe you have discovered a security vulnerability in any Origami Precision product or service, we encourage you to report it responsibly.

How to report a vulnerability

Please email us at: security@origamiprecision.com

Include, where possible:

• A description of the issue

• The affected URL or component

• Steps to reproduce

• Any proof of concept or screenshots

• Your contact information

We will acknowledge receipt of your report and work to validate and remediate the issue in a timely manner.

Safe harbor

We consider security research conducted in good faith to be authorized and welcome, provided that you:

• Do not exploit the vulnerability beyond what is necessary to demonstrate it

• Do not access or modify customer data

• Do not disrupt service availability

• Do not use automated scanning that causes excessive traffic or denial of service

We will not pursue legal action against researchers who follow these guidelines and report vulnerabilities responsibly.

Scope

This policy applies to:

• Origami Precision web applications and web site

• origami lens and related services

• APIs and supporting infrastructure owned and operated by Origami Precision

Third-party services integrated into our products are governed by their own security policies.

Disclosure process

We ask that you:

• Allow reasonable time for investigation and remediation

• Avoid public disclosure until the issue is resolved or coordinated with us

Acknowledgments

We thank security researchers and community members who help improve the

security of our products through responsible disclosure.

Origami Precision does not currently offer a paid bug bounty program.

Acknowledgments are provided privately unless otherwise agreed.