Pretty Good AI Responsible Disclosure Policy
Last updated: December 2025
We welcome good-faith reports that help protect our users, partners, and patients.
How to report
Email contact@prettygoodai.co with a concise description, reproduction steps/PoC, affected URLs, and impact. (Encryption optional; we currently accept plain email.)
Response targets
- Acknowledgment within 2 business days
- Status update or fix within 30 days
- Notification on remediation
Safe harbor
If you follow this policy, avoid privacy violations/service disruption, and don't access, modify, or exfiltrate PHI, we won't pursue legal action. Give us reasonable time to remediate before public disclosure.
Scope (in-scope assets)
- *.prettygoodai.co
- *.prettygoodai.net
Out of scope / prohibited
- DoS, spam, or automated testing that degrades service
- Social engineering or phishing of staff/customers
- Physical attacks or testing third-party providers (e.g., Cloudflare, Google Workspace)
- Accessing or exfiltrating any PHI/PII
- Testing form submissions or creating fake requests or meeting bookings
Recognition
With permission, we may acknowledge contributors on our Security Acknowledgments page.
Contact Information
For security reports, please contact us at:
Email: contact@prettygoodai.co