APCGApirat Performance Catalyst Group

Legal

Responsible Disclosure

Last updated: 3 July 2026

Reporting a vulnerability

If you believe you have found a security vulnerability in apcgstrategy.com or a related APCG service, we would like to hear from you. Email hello@apcgstrategy.com with the subject line “Security disclosure”, including steps to reproduce and the potential impact.

Ground rules

  • Do not access, modify, or delete data that is not your own.
  • Do not degrade the service for other users (no denial-of-service or volumetric testing).
  • Do not use social engineering, phishing, or physical attacks.
  • Give us reasonable time to remediate before any public disclosure.

Our commitment

We will acknowledge good-faith reports promptly, keep you informed of progress, and will not pursue legal action against research conducted within these rules. We are grateful to researchers who help keep our clients' data safe.