Vulnerability Disclosure Policy

Security is a top priority at PX. We value the contribution of security researchers and the broader community in helping us maintain a safe and trusted environment.

Reporting

If you believe you’ve discovered a potential security vulnerability in our website, product, or services, we encourage you to report it to us responsibly by emailing security@px.com

Please include:

• Description of the issue
• Affected domain or endpoint
• Steps to reproduce
• Relevant screenshots

Our Commitment

• We will acknowledge your report within 3 business days.
• We will provide updates as soon as the issue is resolved.
• We ask that you allow us up to 30 business days to investigate and remediate before public disclosure.

Safe Harbor

We appreciate your efforts to help keep our systems secure. If you make a good-faith effort to comply with this policy and avoid privacy violations, data destruction, or service disruption, we will not initiate legal action or contact law enforcement in response to your report.

Scope

All production systems under the px.com domain are in scope.
Testing that impacts system availability (DoS, brute force, social engineering) is out of scope.

Rewards

Currently, we do not operate a public bug bounty program, but we do recognize and appreciate responsible disclosures and may offer tokens of appreciation at our discretion.

Legal Disclaimer

PX reserves the right to modify this policy or its scope at any time without notice.