Reporting a security concern

If you've found a vulnerability, data exposure, or security concern related to Sentinel Risk Group LLC, the AI Governance Shield™ certification framework, or any of our delivery infrastructure, we want to hear from you. This page tells you what's in scope, how to report, and what we commit to.

Machine-readable version of this policy lives at /.well-known/security.txt per RFC 9116.

How to report

Use the contact form on this site to file a report. Do not email findings to staff directly — the contact form ensures the report routes to the right queue.

Open the contact form → View security.txt

What to include

URL or endpoint affected
Reproduction steps, if any
Your assessment of severity (low / medium / high / critical)
Whether you intend to publicly disclose, and on what timeline

What's in scope

Anything Sentinel Risk Group operates directly:

This site (sentinelriskgrp.com)
Any AI Governance Shield™ deliverable, intake form, email, or Cloudflare Pages Function
The v3 PDF renderer Lambda (srg-v3-renderer)
The render-deliverables, governance-chat, contact, support-chat, verify, amazon-intake, governance-intake, or evidence-upload Cloudflare Pages Functions

What's out of scope

Rate-limit / DDoS reports against the public site — use your provider's process
Reports against vendor services (Cloudflare, AWS, Postmark, Airtable, Make, Stripe, Anthropic, GitHub, etc.) — please report directly to those vendors
Findings that depend on social engineering of Sentinel Risk Group personnel
Findings against legacy unpublished domains or test/staging environments

Our commitment to you

If you file a valid report through the contact form, we commit to:

Acknowledge your report within 72 hours
Confirm or refute the issue within 14 calendar days
Coordinate a remediation timeline with you before any public disclosure

Reports are reviewed by Sentinel Risk Group LLC personnel under the same disciplined process used to operate certification engagements.

AI-Assisted | Expert-Validated | Audit-Ready

Governance guidance — not legal advice.

Sentinel Risk Group LLC · AI Governance Shield™ · Terms · Privacy · Contact

Disclaimer: The information on this website is provided for general informational purposes only and does not constitute legal, financial, insurance, or compliance advice. AI Governance Shield™ certification is an independent governance evaluation service and does not guarantee regulatory compliance, insurance coverage, legal protection, or immunity from enforcement actions. Applicable laws, regulations, and insurance policy terms vary by jurisdiction and are subject to change. Specific penalty amounts, enforcement provisions, and statutory requirements referenced on this site reflect publicly available information as of the date of publication and may have been amended. Practices should consult qualified legal counsel for advice specific to their circumstances. Sentinel Risk Group is not a law firm, insurance company, healthcare provider, or government agency.