[ Legal / Security ]

Security Disclosure

Effective Date: January 1, 2026

AhUno Corp (“AhUno”) takes the security of its systems, clients, and the broader internet community seriously. This Security Disclosure Policy describes how security researchers can report vulnerabilities to us and the expectations that govern such reports. Our information security program is designed to meet the “reasonable security measures” standard articulated in Nevada Revised Statutes (“NRS”) Chapter 603A.

1. Our Commitment

  • Maintain administrative, technical, and physical safeguards consistent with NRS 603A.210.
  • Provide breach notification to affected Nevada residents in accordance with NRS 603A.220 when triggered.
  • Encrypt personal information in transit and at rest where commercially reasonable.
  • Apply least-privilege access controls and regular access reviews.
  • Engage in continuous monitoring, patching, and periodic third-party assessment.

2. Reporting a Vulnerability

If you believe you have discovered a security vulnerability in any AhUno Corp asset, please submit a report to ahunocorp@gmail.com. Where possible, encrypt sensitive details using our PGP key (available on request).

Please include:

  • A clear description of the vulnerability and its potential impact.
  • Steps to reproduce, including URLs, payloads, and timestamps (UTC).
  • Any proof-of-concept code or screenshots.
  • Your name and preferred contact method (optional).

3. Response Commitments

  • Acknowledgment within 3 business days.
  • Triage and initial assessment within 10 business days.
  • Status updates at reasonable intervals until resolution.
  • Coordinated disclosure timing agreed in good faith with the reporter.

4. Safe Harbor

AhUno Corp will not pursue civil action or initiate a complaint to law enforcement against security researchers who, in good faith, comply with this policy. We consider activities conducted consistent with this policy to constitute “authorized” conduct under the Computer Fraud and Abuse Act and analogous Nevada statutes. If legal action is initiated by a third party against you for activities that complied with this policy, we will make this authorization known.

5. Scope

In scope: ahuno.com and subdomains operated by AhUno Corp.

Out of scope: third-party services we do not operate, physical attacks, vulnerabilities in unsupported browsers, reports already disclosed publicly, and findings limited to missing best- practice headers without demonstrable impact.

6. Prohibited Activities

To remain within safe harbor, you must not:

  • Access, modify, or destroy data that does not belong to you.
  • Perform denial-of-service, resource exhaustion, or load-testing attacks.
  • Engage in social engineering, phishing, or physical attacks against AhUno employees, clients, or facilities.
  • Use automated scanners that generate excessive traffic.
  • Disclose the vulnerability publicly before AhUno has had a reasonable opportunity to remediate.
  • Violate any applicable federal, state, or local law.

7. Confidentiality

Information you share with AhUno as part of this policy will be treated as confidential and used solely for the purpose of remediation, except as required by law or to coordinate with affected third parties.

8. No Bug Bounty

AhUno Corp does not currently operate a paid bug bounty program. We acknowledge contributors at our discretion. Submitting a report does not create any expectation of compensation.

9. Governing Law

This policy is governed by the laws of the State of Nevada. Any disputes arising under this policy shall be resolved in the state or federal courts located in Clark County, Nevada.

10. Contact

AhUno Corp
Attn: Information Security
Las Vegas, Nevada, USA
ahunocorp@gmail.com

This Security Disclosure Policy is provided for general informational purposes and does not constitute legal advice. Consult qualified counsel for advice specific to your circumstances.