Responsible Vulnerability Disclosure Policy

Introduction
At Clearcom Wireless Services, LLC (“Clearcom”), the security of our systems, products, and customer information is a top priority. We recognize the valuable role that independent security researchers and the broader community play in helping us identify and remediate vulnerabilities.
If you discover a security vulnerability in our systems, we encourage you to report it responsibly so we can address it quickly and protect our customers.

Reporting a Vulnerability
If you believe you’ve found a security vulnerability, please email us at: jszostak@clearcomwireless.com

Please include:

• A detailed description of the issue.
• Steps to reproduce the vulnerability.
• Any potential impact you’ve identified.
• Your contact information so we can follow up.
• We ask that you:
  • Do not exploit the vulnerability beyond what is necessary to prove its existence.
  • Avoid accessing, modifying, or exfiltrating data that does not belong to you.
  • Refrain from actions that could degrade Clearcom’s systems (e.g., denial-of-service, spam, or social engineering).

Our Commitment

• We will acknowledge receipt of your report within 2 business days.
• We will keep you informed of our remediation progress.
• We will notify you once the issue has been resolved.
• We will not pursue legal action against researchers who follow this policy and act in good faith.

Recognition
Clearcom values the contributions of security researchers. With your permission, we may publicly acknowledge your responsible disclosure in our Security Hall of Fame. At this time, Clearcom does not offer a monetary bug bounty program, but recognition is given for meaningful contributions.

Safe Harbor
Activities conducted in compliance with this policy will be considered:

• Authorized under the Computer Fraud and Abuse Act (CFAA).
• Exempt from Clearcom’s Terms of Service restrictions related to security research.
• Within the scope of “good faith