Scope

This process applies to Absinthe Labs–owned applications, APIs, and infrastructure.

Out of scope

• Third-party services not operated by Absinthe Labs

• Denial-of-service attacks

• Social engineering or phishing

• Physical security issues

If you are unsure whether something is in scope, submit a report and we will review it.

Disclosure Expectations

We ask that reporters:

• Do not publicly disclose issues before remediation

• Limit testing to what is necessary to demonstrate the issue

• Avoid modifying or exfiltrating data

• Act in good faith

Safe Harbor

Good-faith security research conducted in line with these guidelines is considered authorized.
Absinthe Labs will not pursue legal action for such activity.

Compensation

For qualifying vulnerabilities that are responsibly disclosed, Absinthe Labs may offer compensation or recognition at our discretion.