Security & Responsible Disclosure
We take security seriously. This page documents our security practices and how to report vulnerabilities responsibly.
Email Authentication (Anti-Phishing)
All emails from @elevatediq.ai are protected by SPF, DKIM, and DMARC to prevent domain spoofing and phishing attacks.
✅ SPF (Sender Policy Framework)
Status: Configured
v=spf1 include:_spf.google.com ~all
Only authorized mail servers can send email from our domain.
✅ DKIM (DomainKeys Identified Mail)
Status: Enabled
All outbound emails are cryptographically signed by Google Workspace.
✅ DMARC (Domain-based Message Authentication)
Policy: p=reject
Emails failing authentication checks are rejected. No spoofed emails delivered.
Always verify sender authenticity
⚠️ If you receive an email claiming to be from ElevatedIQ that doesn't pass DMARC, it's a phishing attempt. Report it to [email protected].
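The check described above, as a recipient could automate it. This is an added example, not ElevatedIQ's code: it reads the Authentication-Results header (RFC 8601) stamped by your own inbound mail server and requires `dmarc=pass` aligned with elevatediq.ai, ignoring results carrying any other server's name. The authserv-id `mx.receiver.example`, the function names and the sample message are constructed assumptions.

```python
import re
from email import message_from_string, policy

TRUSTED_AUTHSERV = "mx.receiver.example"  # assumption: authserv-id of YOUR inbound mail server
EXPECTED_DOMAIN = "elevatediq.ai"         # sender domain named on this page

def parse_auth_results(value):
    """Return (authserv_id, {method: (result, props)}) for one header value."""
    value = re.sub(r"\([^()]*\)", " ", value)          # drop RFC 8601 comments
    head, *rest = [p.strip() for p in value.split(";")]
    authserv_id = head.split()[0].lower() if head else ""
    methods = {}
    for part in rest:
        tokens = part.split()
        if not tokens or "=" not in tokens[0]:
            continue
        method, result = tokens[0].split("=", 1)
        props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        methods[method.lower()] = (result.lower(), props)
    return authserv_id, methods

def dmarc_verdict(raw_message):
    """Classify a message that claims to come from EXPECTED_DOMAIN."""
    msg = message_from_string(raw_message, policy=policy.default)
    senders = msg["From"].addresses if msg["From"] else ()
    if len(senders) != 1:
        return "suspect"                               # missing or multiple From addresses
    from_domain = senders[0].domain.lower()
    if from_domain != EXPECTED_DOMAIN:
        return "not-claimed"
    for header in msg.get_all("Authentication-Results", []):
        authserv_id, methods = parse_auth_results(str(header))
        if authserv_id != TRUSTED_AUTHSERV:
            continue                                   # ignore results we did not stamp ourselves
        result, props = methods.get("dmarc", ("none", {}))
        aligned = props.get("header.from", "").lower() == from_domain
        return "authentic" if result == "pass" and aligned else "suspect"
    return "unverified"                                # no trusted result: do not assume pass

# Constructed sample: an untrusted "pass" header sits below our own server's "fail".
SAMPLE = (
    "Authentication-Results: mx.receiver.example; spf=softfail smtp.mailfrom=elevatediq.ai;"
    " dmarc=fail (p=REJECT) header.from=elevatediq.ai\n"
    "Authentication-Results: mail.untrusted.example; dmarc=pass header.from=elevatediq.ai\n"
    "From: ElevatedIQ Support <support@elevatediq.ai>\n"
    "Subject: Action required\n\n"
    "Constructed body.\n"
)
```

`dmarc_verdict(SAMPLE)` returns `"suspect"`: only the result stamped by the trusted server counts, and a message with no trusted result is reported as `"unverified"` rather than assumed to pass.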
Responsible Vulnerability Disclosure
We welcome security researchers to help us keep our platform secure. If you discover a vulnerability, please follow coordinated disclosure:
1. Email details to [email protected] with a clear description and steps to reproduce
2. Allow us 24 hours to acknowledge receipt and 72 hours to provide an initial assessment
3. Work with us to verify the fix before public disclosure (typically 90 days)
Safe Harbor
Researchers acting in good faith will not face legal action. We support coordinated disclosure under responsible terms.
Security.txt (RFC 9116)
We publish a machine-readable security policy per RFC 9116.
View security.txt
Security Researcher Acknowledgments
We thank the following researchers for responsible disclosure:
No public disclosures to date. Be the first!