Security & Vulnerability Disclosure
How we protect your data and how to report an issue.
Last updated: June 5, 2026
TheInvestorNet holds confidential deal, portfolio, and investor data, and we design the service to protect it. If you believe you’ve found a vulnerability, we want to hear from you and we want you to feel safe telling us.
Our practices
- Encryption in transit (TLS) everywhere; sensitive secrets (e.g. OAuth tokens) encrypted at rest with authenticated encryption.
- Least-privilege access: workspace isolation, role-based permissions, and signed/verified webhooks for inbound integrations.
- Audit logging of significant actions; scoped API access via session or workspace-scoped secrets.
- Read-only, minimal scopes for third-party integrations: for example, Gmail access is limited to metadata and never includes message bodies.
How to report
Email security@theinvestornet.com with a description of the issue, the affected URL/surface, steps to reproduce, and any proof-of-concept. We acknowledge reports within two business days and keep you updated through resolution.
Safe harbor
If you research in good faith and do not access, modify, or destroy data beyond what is needed to demonstrate the issue, we will not pursue legal action. Use your own test account; don’t run volumetric or denial-of-service tests against production.
In scope / out of scope
- In scope: authentication/authorization and workspace-isolation bugs, injection/SSRF, signature-verification flaws, and OAuth-flow issues on TheInvestorNet-operated surfaces.
- Out of scope: social engineering, denial-of-service/rate-limit testing, automated scanner output without validated impact, and issues in third-party services (report those to the third party).
Disclosure
We prefer coordinated disclosure. After a fix ships we’ll publish a brief advisory and credit you if you’d like.