Security Disclosure Policy

Our Commitment

pin.ca handles sensitive financial and legal information on behalf of Canadian businesses, legal professionals, and individuals involved in asset valuation proceedings. We take the security and integrity of this site seriously.

If you discover a vulnerability, misconfiguration, or privacy issue affecting pin.ca, we want to hear from you. We appreciate responsible disclosure and will work with you promptly to address any confirmed issues.

How to Report

Please report security issues directly to Eric Jordan by email. Include as much detail as possible so we can reproduce and assess the issue efficiently.

What to Include in Your Report

• A clear description of the vulnerability and the potential impact
• The URL or page where the issue was observed
• Steps to reproduce the issue (screenshots or screen recordings are welcome)
• Your name or handle (optional — anonymous reports are accepted)

Response Timelines

Scope

This policy applies to the following:

• pin.ca and all pages under the pin.ca domain
• Contact forms, data submission points, and any user-facing inputs
• Configuration files, exposed directories, or server-level misconfigurations
• Privacy issues involving the exposure of client or business data

Our Ask

We ask that you act in good faith. Please do not access, modify, or delete data beyond what is needed to demonstrate the issue. Do not disclose the vulnerability publicly before we have had a reasonable opportunity to address it.

We do not currently offer a bug bounty program, but we sincerely appreciate responsible disclosures and will acknowledge your contribution if you wish.

This policy is reviewed annually. The machine-readable version of this disclosure is available at pin.ca/.well-known/security.txt per RFC 9116.