Radiate — Legal

Vulnerability Disclosure Policy

Version 1.1 · Effective April 19, 2026

Radiate Vulnerability Disclosure Policy

Last updated: April 19, 2026

Radiate Validator LLC (“Radiate”) takes the security of its systems seriously and values the contribution of security researchers who identify and responsibly disclose potential vulnerabilities.

1. Scope

This policy applies to all digital assets owned or operated by Radiate Validator LLC, including websites, APIs, and web applications hosted under the radiatestudio.ai domain, the radiate.art domain, and any other domains or subdomains owned or operated by Radiate for the Services (including radiatevalidator.com).

2. Reporting

If you believe you’ve discovered a vulnerability or security issue:

  • Email us at security@radiatestudio.ai
  • Include a detailed description of the issue, steps to reproduce, affected components, and any proof-of-concept if applicable.
  • Please allow us reasonable time to investigate and remediate before any public disclosure.

3. Rules of Engagement

  • Do not perform attacks that could harm our users or infrastructure (e.g., DDoS, spam, or data exfiltration).
  • Do not access, modify, or destroy data you do not own.
  • Do not disclose vulnerabilities publicly before Radiate confirms resolution.
  • Testing must stay within the scope of publicly available assets — no social engineering, phishing, or physical attacks.

4. Safe Harbor

To the extent permitted by applicable law, Radiate will not pursue legal action against individuals who:

  • Follow this policy in good faith.
  • Avoid privacy violations, data loss, or disruption.
  • Give us reasonable time to fix the issue before disclosure.

If you comply with this Policy and act in good faith, Radiate authorizes this security research, will not treat it as a violation of our Terms of Service or Acceptable Use Policy, and will not initiate a civil action against you for your security research under laws aimed at unauthorized access (including the CFAA). This safe harbor does not apply to: (i) intentional harm, (ii) disruption of service, (iii) extortion, (iv) social engineering, (v) accessing, modifying, or deleting data you do not own, or (vi) any activity outside the scope described in this Policy.

5. Recognition and Rewards

While Radiate does not currently operate a paid bug bounty, we may offer acknowledgment, swag, or future bounty consideration for high-impact findings responsibly disclosed.

Vulnerability Disclosure Policy · Radiate Art