The HACC Group/Security
Responsible Disclosure
Last updated: June 15, 2026
Our commitment
Security is core to what we do. We welcome reports from security researchers and members of the public who identify potential vulnerabilities in our systems, and we are committed to working with you to verify and address them. This page explains how to report a vulnerability and what you can expect from us.
How to report
Email security@trafficiq.ai with:
- A description of the vulnerability and the potential impact;
- The steps required to reproduce it (proof-of-concept code, screenshots, or request/response captures are helpful);
- The affected URL, system, or component; and
- Your contact information so we can follow up.
Please report what you find as soon as you can after discovery, and give us a reasonable opportunity to respond before disclosing it publicly or to any third party.
Scope
This policy covers thehaccgroup.com and its associated public-facing web infrastructure. Our products and customer-facing platforms may be covered by separate agreements with their respective users; if you are a customer, please also refer to the security and incident terms in your agreement with us.
Safe harbor
If you make a good-faith effort to comply with this policy during your research, we will consider your research to be authorized, we will work with you to understand and resolve the issue quickly, and we will not pursue or support legal action against you related to your report. If legal action is initiated by a third party against you for activity that was conducted in accordance with this policy, we will make this authorization known.
Guidelines
To qualify for safe harbor, please:
- Avoid accessing, modifying, or deleting data that does not belong to you. Use only test accounts or your own data.
- Avoid actions that could degrade, disrupt, or damage our systems or the experience of others (for example, denial-of-service testing, automated high-volume scanning, or spam).
- Do not use social engineering, phishing, or physical attacks against our staff, users, or facilities.
- Keep details of any vulnerability confidential until we have had a reasonable opportunity to remediate it.
- Comply with all applicable laws.
What to expect from us
- We will acknowledge receipt of your report, typically within a few business days.
- We will investigate and keep you reasonably informed of our progress.
- We will work to remediate confirmed issues in a timely manner based on severity.
- We are happy to recognize researchers who make a responsible, material contribution, with your permission.
Out of scope
The following are generally not considered actionable on their own: reports from automated scanners without a demonstrated, exploitable impact; missing security headers or best-practice recommendations without a concrete vulnerability; issues affecting unsupported or end-of-life browsers; and theoretical issues without a realistic attack scenario.
A note on rewards
We do not currently operate a paid bug-bounty program. We deeply appreciate responsible disclosure regardless, and will acknowledge meaningful contributions where you would like us to.
Contact
The HACC Group, Inc.
Email: security@trafficiq.ai