Security Policy

Email security@pdftoexcelstatementconverter.com with a concise description, affected route or asset, reproduction steps, and any non-sensitive evidence. Do not attach customer bank statements, secrets, access tokens, or regulated data.

• PRIZM triages security reports before normal support requests.
• Reports that indicate active abuse, credential exposure, or data access risk become incidents.
• Validated findings are tracked through remediation, verification, and post-incident evidence.
• Acknowledgments are not published until a staffed disclosure process is in place.

In-scope assets are PRIZM application routes, API routes, dashboard controls, public trust pages, and documented provider integrations. See Security for the current control posture.