Responsible Disclosure Policy
Last updated September 8, 2025
At Ragie.ai (Ragie), we value the contributions of the security research community in helping us keep our products and users safe. If you’ve found a potential vulnerability, we want to hear from you.
We’ve recently launched a pilot responsible disclosure program to formalize how we receive and review security findings from external parties. While we’re not offering a standing bounty at this time, we evaluate each valid submission individually and may provide recognition or rewards based on severity, impact, and uniqueness.
How to Submit a Report
Please send your findings to security@ragie.ai with the following information:
- Summary: A clear and concise description of the issue
- Steps to Reproduce: Instructions that allow us to replicate the issue
- Impact: An explanation of the potential risk or exposure
- Scope: Where this issue occurs (e.g., app, URL, API, authentication, etc.)
- Proof of Concept: Supporting evidence such as screenshots, test data, or sample code
- Your Contact Info: So we can follow up if needed
Please Do Not Include
To help us evaluate your report safely and responsibly, we ask that you avoid including:
- Personal data (PII) of real users — use test/demo/redacted info only
- Any actions that could disrupt service or impact production systems (e.g., denial of service)
- Raw automated scan results without validated findings
- Malware, backdoors, or destructive payloads
- Screenshots or data from non-Ragie platforms
What to Expect
Once we receive your submission:
- We’ll acknowledge receipt promptly.
- Our security team will review your report and assess impact.
- If clarification is needed, we’ll reach out directly.
- We’ll provide updates as we progress and notify you once the issue is resolved.
Encryption
We do not currently publish a PGP key. If you need to send sensitive details, please contact us first at security@ragie.ai to arrange a secure channel.
We appreciate your efforts to help keep Ragie secure.