Security
Responsible disclosure and security contact.
HolonomiX welcomes good-faith security reports for public and explicitly authorized evaluation surfaces. Use the right channel and avoid destructive testing.
Disclosure policy
Report vulnerabilities without disrupting systems.
Good-faith reports are reviewed with a coordinated-disclosure posture. Testing must remain non-destructive, scoped, and respectful of user data and service availability.
In scope
holonomx.com public website, app/gate surfaces, contact intake, HX-SDP and HX-Provenance evaluation surfaces when you have explicit authorization
Out of scope
Social engineering, physical attacks, destructive testing, denial of service, spam, credential stuffing, attacks against third-party services without permission
Report content
Affected URL or surface, steps to reproduce, impact, screenshots/logs where safe, your contact information, and whether disclosure timing matters
Response expectation
Security reports are triaged by severity and business impact. Coordinated disclosure and remediation timing are handled case by case.
Contact
Send security reports to the security mailbox.
Use security@holonomx.com. Include reproduction details and mark the report confidential if premature disclosure could increase risk.
Security.txt
Machine-readable policy is published.
The site includes /.well-known/security.txt with contact, canonical policy URL, and preferred language. The full Trust Center covers deployment and data-handling boundaries.
Trust Center
Need a security packet instead?
Use Request Access for architecture, deployment, proof, and data-handling diligence.