Security

Doradus Research takes security seriously. If you believe you have found a vulnerability in any of our public-facing services or research artifacts, please report it through the channel below — we will acknowledge receipt within two business days.

Reporting

Email security@doradusonline.com with a clear description, reproduction steps, and any proof-of-concept material.

Scope

• Public services on *.doradusresearch.ai and *.perfct.ai
• Open-source code published under the Doradus organization
• Public research artifacts (model weights, datasets, write-ups)

Out of scope

• Internal-only subdomains (admin., docker., modelcache-primary.)
• Findings requiring physical access
• Social engineering attempts against employees

Safe harbor

We will not pursue legal action against researchers who follow this policy in good faith and avoid privacy violations, service disruption, or destruction of data.