Last updated: 23 April 2026
Verac takes the security of its platform and website seriously. If you believe you've found a vulnerability affecting VERAC AI LTD, please report it to us privately so we can fix it before it's exploited. We commit to acknowledging reports quickly and treating good-faith researchers as partners, not adversaries.
Email security@verac.ai with a clear description of the issue, the steps to reproduce it, the potential impact, and any proof-of-concept material. Please use this channel rather than public issue trackers, social media, or support forms. If you need to encrypt your report, ask us and we'll share a PGP key.
This policy covers the verac.ai website and any services we explicitly list in a future scope document. Third-party services we rely on (for example our hosting, email, or analytics providers) are out of scope — please report issues affecting those systems directly to the vendor.
Reports we generally cannot action on their own: missing best-practice HTTP headers without a demonstrated exploit, descriptive error messages, rate-limiting or brute-force findings without impact, reports from automated scanners with no validation, social engineering, physical attacks, and denial-of-service testing. Spam and phishing sent to our inboxes should be reported to your email provider, not here.
We will not pursue or support legal action against researchers who: (1) make a good-faith effort to follow this policy, (2) avoid privacy violations, data destruction, or service disruption, (3) access only the minimum data necessary to demonstrate the issue, and (4) give us reasonable time to remediate before any public disclosure. If in doubt about whether an action is authorised, ask us first.
We aim to acknowledge every valid report within 3 business days and to provide a triage decision within 10 business days. We will keep you informed as we investigate and fix the issue, and — with your permission — credit you publicly once remediation is complete. Timelines may vary for issues that depend on third-party vendors.
VERAC AI LTD does not currently operate a paid bug-bounty program. We may offer recognition or swag at our discretion for high-quality reports. Please report issues because it is the right thing to do, not in expectation of payment.
VERAC AI LTD, company number 17102184, registered in England & Wales. Registered office: 124 City Road, London, EC1V 2NX, United Kingdom.