This Security Policy describes how Sentinel Arc protects its platform and how to report vulnerabilities. This template is intended for UK audiences and should be reviewed by legal counsel before use.

Responsible disclosure

If you believe you have found a security issue, contact security@sentinelarc.example and provide steps to reproduce. We ask that you do not publicly disclose issues until we have had a reasonable opportunity to investigate and remediate.

Scope

• Sentinel Arc web applications, APIs, and dashboard interfaces.
• Discord bot infrastructure and automation services.
• Associated documentation and support systems.

Out of scope

• Third-party services not operated by Sentinel Arc.
• Social engineering, phishing, or physical attacks.
• Denial-of-service testing without explicit written approval.

Security controls

• Role-based access controls, logging, and audit trails.
• Encryption in transit and at rest where applicable.
• Continuous monitoring and automated alerting.

Response process

We aim to acknowledge reports within 2 business days and provide updates as remediation proceeds.

Contact

Security reports and inquiries: security@sentinelarc.example