Responsible Disclosure Policy

Effective Date: 15-May-2025

Purpose

The Uptiq Inc. Responsible Disclosure Policy aims to allow for the reporting and disclosure of vulnerabilities discovered by external entities.

Scope

This Policy applies to the Uptiq platform and its information security infrastructure.

Background

Uptiq is committed to ensuring the safety and security of our customers and employees. We aim to foster an environment of trust and an open partnership with the security community, and we recognize the importance of vulnerability disclosures in continuing to ensure the safety and security of all our customers,employees, and company. We have developed this policy to both reflect our corporate values and to uphold our legal responsibility to good-faith security researchers who are providing us with their expertise and whistleblowers who add an extra layer of security to our infrastructure

Legal Posture

Uptiq will not engage in legal action against individuals who submit vulnerability reports to us. We openly accept reports for the currently listed Uptiq products. We agree not to pursue legal action against individuals who:

  • Engage in the testing of systems/research without harming Uptiq or its customers.
  • Engage in vulnerability testing within the scope of our vulnerability disclosure program.
  • Test on products without affecting customers, or receive permission/consent from customers before engaging in vulnerability testing against their devices/software, etc.
  • Adhere to all applicable laws and regulations

Refrain from disclosing vulnerability details to the public before a mutually agreed-upon timeframe and action plan.

Reporting

What we would like to see from you:

  • Detailed submissions will have a higher probability of resolution.
  • Reports that include proof-of-concept code which equip us to better triage.
  • Please include how you found the bug, the impact, and any potential remediation.
  • Please include any plans or intentions for public disclosure.
  • Reports that include only crash dumps or other automated tool output may receive lower priority.
  • Reports that include products not on the initial scope list may receive lower priority.

Our Commitment

What you can expect from Uptiq:

  • A timely response to your submission.
  • After triage, we will send an expected timeline and commit to being as transparent as possible about the remediation timeline as well as on issues or challenges that may extend it.
  • An open dialogue to discuss issues.
  • Credit after the vulnerability has been validated and fixed.
  • If we are unable to resolve communication issues or other problems, Uptiq may bring in a neutral third party to assist in determining how best to handle vulnerability.

How to Submit a Report

To report an information security program violation or a violation of related laws and regulations, you may email info@uptiq.ai.

UPTIQ's Enterprise AI platform for financial services delivers intelligent solutions for Wealth Firms, Banks & FinTechs.

United States

7300 State Hwy 121, Suite 300, McKinney TX 75070

India

3rd Floor, WeWork Futura, Magarpatta Rd, Kirtane Baugh, Magarpatta, Hadapsar, Pune, Maharashtra 411028

Agent Store
Loan Placement AgentCovenant Tracking AgentMortgage Loan Processor AgentCommercial Loan Origination AgentClient Engagement AgentBusiness Client AgentOther Agents

© 2025 UPTIQ, Inc. All rights reserved.