Our Commitment to Security
At Ravenna, we recognize that the security of our systems and data is paramount. We embrace collaboration with the security research community as a vital component of our comprehensive security strategy. Your expertise helps us maintain the highest standards of protection for our users and infrastructure.

Reporting Security Issues
If you've discovered a potential security vulnerability in any Ravenna service or system, we encourage you to report it to us immediately. We are committed to working collaboratively to understand and address the issue quickly.

How to Report
Please send detailed vulnerability reports to: security@ravenna.ai Your report should include:

• A clear description of the vulnerability

• Steps to reproduce the issue

• Potential impact assessment

• Any proof-of-concept code (if applicable)

• Your contact information for follow-up

Responsible Disclosure Guidelines
To ensure the safety of our users while you conduct security research, we ask that you:

• Avoid accessing, modifying, or deleting data that doesn't belong to you.

• Refrain from degrading or disrupting our services.

• Limit testing to the minimum necessary to demonstrate the vulnerability.

• Keep your findings confidential until we've had adequate time to address them.

• Exclude physical security attacks, social engineering, or spam from your research.

• Respect user privacy and avoid accessing user data beyond what's necessary.

Our Response Commitment
When you report a vulnerability to us:

1. Acknowledgment: We'll confirm receipt of your report within 48 hours.

2. Assessment: Our security team will evaluate and reproduce the issue.

3. Communication: We'll keep you informed of our progress.

4. Resolution: We'll work diligently to fix confirmed vulnerabilities.

5. Recognition: With your permission, we're happy to acknowledge your contribution.

Safe Harbor
Ravenna considers security research conducted in accordance with this policy as authorized activity. We will not pursue legal action against researchers who:

• Comply with this vulnerability disclosure policy.

• Act in good faith to avoid privacy violations and disruption to our services.

• Promptly report vulnerabilities to us.

Scope
This policy applies to all Ravenna services, including:

• Our main platform and APIs

• Mobile applications

• Web applications and services

• Supporting infrastructure

Updates to This Policy
We may periodically update this policy to reflect changes in our approach or industry best practices. The current version will always be available at https://ravenna.ai/security/disclosure.

Contact Us
Beyond security vulnerabilities, we welcome your feedback and questions about our security practices. Feel free to reach out to us at security@ravenna.ai.

Thank you for helping us maintain a secure environment for all Ravenna AI users. Your contributions to our security are invaluable.

Last Updated: June 3, 2025