Legal
Responsible Disclosure
Last updated: 3 July 2026
Reporting a vulnerability
If you believe you have found a security vulnerability in apcgstrategy.com or a related APCG service, we would like to hear from you. Email hello@apcgstrategy.com with the subject line “Security disclosure”, including steps to reproduce and the potential impact.
Ground rules
- Do not access, modify, or delete data that is not your own.
- Do not degrade the service for other users (no denial-of-service or volumetric testing).
- Do not use social engineering, phishing, or physical attacks.
- Give us reasonable time to remediate before any public disclosure.
Our commitment
We will acknowledge good-faith reports promptly, keep you informed of progress, and will not pursue legal action against research conducted within these rules. We are grateful to researchers who help keep our clients' data safe.
