The HACC Group
Carrier-deployed · since 2023

The HACC Group/Security

Responsible Disclosure

Last updated: June 15, 2026

Our commitment

Security is core to what we do. We welcome reports from security researchers and members of the public who identify potential vulnerabilities in our systems, and we are committed to working with you to verify and address them. This page explains how to report a vulnerability and what you can expect from us.

How to report

Email security@trafficiq.ai with:

  • A description of the vulnerability and the potential impact;
  • The steps required to reproduce it (proof-of-concept code, screenshots, or request/response captures are helpful);
  • The affected URL, system, or component; and
  • Your contact information so we can follow up.

Please report what you find as soon as you can after discovery, and give us a reasonable opportunity to respond before disclosing it publicly or to any third party.

Scope

This policy covers thehaccgroup.com and its associated public-facing web infrastructure. Our products and customer-facing platforms may be covered by separate agreements with their respective users; if you are a customer, please also refer to the security and incident terms in your agreement with us.

Safe harbor

If you make a good-faith effort to comply with this policy during your research, we will consider your research to be authorized, we will work with you to understand and resolve the issue quickly, and we will not pursue or support legal action against you related to your report. If legal action is initiated by a third party against you for activity that was conducted in accordance with this policy, we will make this authorization known.

Guidelines

To qualify for safe harbor, please:

  • Avoid accessing, modifying, or deleting data that does not belong to you. Use only test accounts or your own data.
  • Avoid actions that could degrade, disrupt, or damage our systems or the experience of others (for example, denial-of-service testing, automated high-volume scanning, or spam).
  • Do not use social engineering, phishing, or physical attacks against our staff, users, or facilities.
  • Keep details of any vulnerability confidential until we have had a reasonable opportunity to remediate it.
  • Comply with all applicable laws.

What to expect from us

  • We will acknowledge receipt of your report, typically within a few business days.
  • We will investigate and keep you reasonably informed of our progress.
  • We will work to remediate confirmed issues in a timely manner based on severity.
  • We are happy to recognize researchers who make a responsible, material contribution, with your permission.

Out of scope

The following are generally not considered actionable on their own: reports from automated scanners without a demonstrated, exploitable impact; missing security headers or best-practice recommendations without a concrete vulnerability; issues affecting unsupported or end-of-life browsers; and theoretical issues without a realistic attack scenario.

A note on rewards

We do not currently operate a paid bug-bounty program. We deeply appreciate responsible disclosure regardless, and will acknowledge meaningful contributions where you would like us to.

Contact

The HACC Group, Inc.

Email: security@trafficiq.ai