Security
Our commitment
Security is foundational to Mosaic. We take the protection of our users' data and systems seriously. As a tool that runs inside live applications, we hold ourselves to the highest standard of security practice.
Responsible disclosure
If you discover a security vulnerability, we appreciate your help in disclosing it to us responsibly.
Please report security issues to security@recursive.ac. We will acknowledge your report within 48 hours and work with you to understand and address the issue.
What to include
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested remediation
Scope
This policy applies to all Recursive Labs products including Mosaic, Orbit, and associated infrastructure. Please do not perform testing against production systems without prior authorization.