Grafflix Security
Grafflix Security

Legal Notices, Security Disclosure & Privacy Rights

  • Home
  • Legal Notices, Security Disclosure & Privacy Rights

"Prevention is cheaper than a breach"

Legal Notices, Security Disclosure & Privacy Rights

Effective Date: July 2026


Legal Notices, Security Disclosure & Privacy Rights

This page supplements the Grafflix LLC Privacy Policy, Cookie Policy, and Terms of Use.

Grafflix LLC is committed to maintaining the confidentiality, integrity, and availability of our systems while respecting the privacy rights of our website visitors, clients, business partners, and prospective customers.


Section 1 — Responsible Vulnerability Disclosure Policy

Our Commitment

As a cybersecurity consulting firm, Grafflix LLC appreciates the efforts of security researchers who responsibly identify and disclose potential security vulnerabilities.

We believe coordinated vulnerability disclosure helps improve the security of the Internet while protecting customers and organizations from unnecessary risk.


Authorized Security Research

If you believe you have discovered a security vulnerability affecting:

  • grafflixllc.com
  • Public Grafflix web applications
  • Public APIs
  • Publicly accessible infrastructure owned by Grafflix LLC

we request that you report the issue privately.


Reporting a Vulnerability

Please include whenever possible:

  • Description of the vulnerability
  • Affected URL(s)
  • Steps to reproduce
  • Proof-of-Concept
  • Screenshots
  • Impact assessment
  • Your contact information

Reports should provide sufficient detail for us to reproduce the issue.


Our Commitment to Researchers

When acting in good faith, Grafflix LLC will make reasonable efforts to:

  • Acknowledge receipt of reports
  • Review reported vulnerabilities
  • Investigate findings
  • Remediate confirmed issues
  • Keep researchers informed regarding status where appropriate

Good Faith Research

We consider research to be conducted in good faith when it:

  • Avoids privacy violations
  • Avoids data destruction
  • Avoids service disruption
  • Does not access customer information
  • Does not modify data
  • Does not create persistent access
  • Is intended solely to improve security

Out of Scope

The following activities are not authorized:

  • Denial-of-Service (DoS)
  • Distributed Denial-of-Service (DDoS)
  • Social engineering
  • Phishing
  • Physical attacks
  • Credential stuffing
  • Password spraying
  • Brute-force attacks
  • Malware deployment
  • Ransomware testing
  • Spam
  • Automated scanning that degrades service
  • Accessing client information
  • Attempting privilege escalation
  • Attempting persistence
  • Data exfiltration
  • Modification of information
  • Testing against customer environments
  • Testing third-party hosted services

Safe Harbor

If your research complies with this policy and is conducted in good faith:

  • Grafflix LLC will not intentionally pursue legal action solely because of your responsible disclosure activities.
  • This statement does not provide authorization to violate any law or access systems beyond those expressly covered by this policy.
  • Activities outside the scope of this policy may result in investigation and referral to appropriate authorities.

Bug Bounty

Grafflix LLC does not currently operate a public bug bounty program.

Responsible disclosures are appreciated but do not create any obligation to provide monetary compensation.


Security Contact

To report a suspected vulnerability, please use the Contact page on our website and include “Responsible Security Disclosure” in the subject of your message.

Please do not disclose vulnerability details publicly until Grafflix LLC has had a reasonable opportunity to investigate and remediate the issue.


Section 2 — Legal Notices & Disclaimers

General Information

Information provided on this website is intended solely for general informational and educational purposes.

While we strive to keep information current and accurate, no representation or warranty is made regarding the completeness, reliability, or suitability of any information presented.


No Professional Advice

Website content does not constitute:

  • Legal advice
  • Regulatory advice
  • Accounting advice
  • Audit advice
  • Investment advice
  • Insurance advice
  • Compliance certification
  • Professional cybersecurity consulting

Professional services are provided only through executed written agreements.


No Client Relationship

Accessing this website or communicating through our website does not establish:

  • A consulting engagement
  • A client relationship
  • A fiduciary relationship
  • A contractual relationship

A professional relationship exists only after execution of a mutually signed agreement.


Educational Content

Whitepapers, articles, blogs, presentations, webinars, downloads, checklists, templates, and educational materials are intended solely for informational purposes.

Organizations should evaluate recommendations based upon their own:

  • Risk tolerance
  • Regulatory requirements
  • Operational environment
  • Industry obligations

Regulatory References

References to:

  • NIST
  • ISO
  • IEC
  • CIS
  • MITRE
  • CISA
  • PCI DSS
  • HIPAA
  • SOX
  • GDPR
  • AI frameworks
  • Industry standards

are provided for educational purposes only.

Mention of any framework does not imply certification, endorsement, legal compliance, or regulatory approval.


Forward-Looking Statements

Certain statements may describe future capabilities, planned services, anticipated technologies, emerging risks, or strategic direction.

Such statements are forward-looking and involve uncertainties.

Actual results, services, technologies, and capabilities may differ.


No Guarantee of Results

Cybersecurity involves continually evolving threats.

Accordingly, Grafflix LLC does not guarantee:

  • Elimination of cyber risk
  • Prevention of security incidents
  • Regulatory compliance
  • Certification outcomes
  • Audit results
  • Business continuity
  • Absence of vulnerabilities

Cybersecurity is a shared responsibility requiring ongoing governance, technical controls, monitoring, and risk management.


External Links

Our website may reference third-party organizations, products, or services.

References do not constitute endorsement.

Grafflix LLC is not responsible for third-party content or practices.


Intellectual Property

All content on this website is protected by applicable intellectual property laws.

Unauthorized copying, redistribution, modification, or commercial use is prohibited without written permission.


Limitation of Liability

To the fullest extent permitted by law, Grafflix LLC disclaims liability for damages arising from reliance upon information contained on this website.


Section 3 — U.S. State Privacy Rights

Grafflix LLC respects applicable U.S. privacy laws and provides this notice for residents of states that have enacted comprehensive consumer privacy legislation.

This section supplements our Privacy Policy.


States Covered

This notice is intended to address applicable requirements under laws such as:

  • California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA)
  • Virginia Consumer Data Protection Act (VCDPA)
  • Colorado Privacy Act (CPA)
  • Connecticut Data Privacy Act (CTDPA)
  • Utah Consumer Privacy Act (UCPA)
  • Any other applicable U.S. state privacy law as enacted or amended.

Categories of Personal Information We May Collect

Depending on your interactions with our website, we may collect:

  • Identifiers (such as name, email address, phone number, company name)
  • Internet or network activity (IP address, browser, pages visited, device information)
  • Professional or employment information (job title, employer, résumé or application materials if submitted)
  • Communications submitted through contact forms or email
  • Commercial information related to requested services or business inquiries

We do not knowingly collect sensitive personal information beyond what is voluntarily provided and reasonably necessary to respond to inquiries or provide professional services.


How We Use Personal Information

We may use personal information to:

  • Respond to inquiries
  • Provide requested services
  • Schedule meetings
  • Improve our website
  • Maintain website security
  • Prevent fraud and abuse
  • Comply with legal obligations
  • Communicate with clients and prospective clients

Sale or Sharing of Personal Information

Grafflix LLC does not sell personal information as those terms are generally defined under applicable U.S. state privacy laws.

We also do not share personal information for cross-context behavioral advertising.


Your Privacy Rights

Subject to applicable law, you may have the right to:

  • Know what personal information we collect
  • Access your personal information
  • Correct inaccurate personal information
  • Request deletion of personal information
  • Obtain a portable copy of your personal information
  • Opt out of the sale or sharing of personal information (although Grafflix LLC does not sell or share personal information for these purposes)
  • Appeal certain privacy-related decisions, where applicable

To exercise these rights, please contact us using the Contact page on our website.

We may need to verify your identity before fulfilling a request.


Non-Discrimination

Grafflix LLC will not discriminate against individuals for exercising applicable privacy rights under U.S. state privacy laws.


Data Retention

We retain personal information only for as long as reasonably necessary to:

  • Provide requested services
  • Maintain business records
  • Comply with legal obligations
  • Resolve disputes
  • Enforce agreements
  • Protect the security and integrity of our systems

Retention periods vary depending on the nature of the information and applicable legal requirements.


Authorized Agents

Where permitted by law, an authorized agent may submit a privacy rights request on your behalf. We may require verification of both your identity and the agent’s authority before processing the request.


Contact Us

Questions regarding this page, privacy rights, or responsible security disclosures may be submitted through the Contact page on our website.

Grafflix LLC

Website: https://grafflixllc.com

Scroll to top