Vulnerability Disclosure Policy

Last updated: October 16, 2025

Aisle is committed to protecting the security and privacy of our customers and partners. We value the contributions of security researchers and others who help us identify and fix potential vulnerabilities responsibly.

Purpose

This policy provides a clear process for reporting potential security vulnerabilities in Aisle products or services. It enables responsible coordination between external reporters and our security team.

Scope

This policy applies to all Aisle-owned systems, applications, services, and websites.

It does not apply to third-party products or services not operated by Aisle. Activities such as social engineering, physical security testing, or denial-of-service attempts are out of scope.

How to Report a Vulnerability

Please email your report to [email protected]

You can also refer to our security.txt file at https://aisle.com/.well-known/security.txt

If you prefer encryption, our PGP key is available below.

Include as much information as possible

• Affected product, service, or URL
• Step-by-step reproduction or proof of concept
• Expected vs. observed behavior
• Impact assessment or severity (if known)
• Your preferred contact method

Avoid sharing sensitive personal or customer data in your report whenever possible.

Our Commitment

• We will acknowledge receipt within five (5) business days.
• We will evaluate and triage the report promptly.
• We will work with you to verify the issue and coordinate remediation.
• We will notify you once the issue has been resolved or if further details are needed.
• If appropriate, we may publicly acknowledge your contribution with your consent.

Good-Faith Research

We ask that you:

• Do not share information about the vulnerability with others until we have confirmed that it has been resolved.
• Do not abuse the vulnerability or use it to access, modify, or copy data that does not belong to you.
• Do not disrupt or degrade Aisle services, use social engineering, or perform physical attacks.

If you act responsibly and in good faith while following this policy, Aisle will not pursue legal action related to your research. If a vulnerability is exploited or shared before it is remediated, Aisle reserves the right to take appropriate legal steps.

Privacy Notice

Information you share with us in a vulnerability report may be used to reproduce, resolve, and communicate about the issue.

We handle such information in accordance with our Privacy Policy.

Regulatory Alignment

This policy is established in line with recognized cybersecurity standards and frameworks, including EU NIS2 Directive (Art. 21), ISO/IEC 29147:2018, NIST SP 800-53 Rev. 5 (SI-12), and related CISA and ENISA guidance on vulnerability handling and disclosure.

PGP Key

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBGjvWnABEADRKgWHSw5bOeZDUVs1v22aLm5N5Pzc3ypP32t0hz/buVq/qok4
1hOf4TZssbINXQhPjunJOy3DvnP+BKayOlihZSDkQIQH6uBFtBQYXXJMoiUHAQ9f
fBC2IYgONyYtEbgF/CqnvCmPSh+0kuTCmUFEZvZD2YNgOzbM7g0OOI9bJN40r6Fc
OHxhc9ZwjGxOP2SLiPH+ie8I9qpMyzu3AzxyIYAmEpYj5mHq1P+Y8CGVqmqfyl9v
u0qLAm9ppmNXE3oG6MyPpXHtIUV76QZNCAuYRPwdkv/x93b9ZA2KiELlZnNuN0zs
WD8T96fzCDiKZCtCUS0yguvAJ2MovxZYk3ZTEHlladosolw/rHWMAsTKVbXjkyXQ
kiUSVtbzDLiC95bsp1ipRlAwrDGfzAE/1408OLvQczUrX8BTW/YLSdQbWCjii69H
9E5w6qGX+vodqFMqplLDJEdLMxms6swPVrh0Bc2c6MKs8hj7le6ewj8ORyLFKCKk
Kd02OhbMR+8Hrb2QM9ZH5TY/oPAY7mbauijiA8WMmjoWNL4P6v5n3VJBG0Z9qvbT
lwBiD4i/XY8WKT5u2HTmFlv2uD+vmvOvzl+o05H8V07BAaQTGi361D7CDKXoQz14
dMv2n80oCVUT+GC1ed5xM/PGnJnku1RDVIbhqeIEO3ArW+K24r6zu0NsMwARAQAB
tCFEaXNjbG9zdXJlIDxkaXNjbG9zdXJlQGFpc2xlLmNvbT6JAlEEEwEIADsWIQSm
Dfi3BRdJyj0Y5hAjuHyZCDczUwUCaO9acAIbAwULCQgHAgIiAgYVCgkICwIEFgID
AQIeBwIXgAAKCRAjuHyZCDczU7VwD/9ufmbi8wG+Fllc9omTI9l6h+kQWpX+I3n6
em7PVCFCHFtz7L8UIz15YwRF9Xy1NY0VINDWZKpioUZtyWUcllwRhs3z+c8LCEIE
1O5veLeSR4V85sWIzW3QriIOTBOyRCOlJsasDb21J3P73cKLqdEgkfG3ZGPKeARj
mVtEDyHxmPwciefXe10ULooSlHtFpd9d8jHsSAHdbF+3Wp00Aw7/xK7mUMveczhn
//Ase3ZteDM1dGZEiiVsIX1Kngk7XrNrhdBf/pfyI8TgO8ktbFgGZnEVE4zLm6Oy
fFd5opmD6SwhCIlyIubY7zDwCwn5k2xRTC+y9K589T5ziPRJtddJiWSSwLfPAUY8
LfEeikQPr24pUOWBlPT1PWSlTKBm3aK39V6rYX3A8tiGnNDeZxRslVnmHsCcc+fq
jH0cEUOfMYZSVfhMsAMIKIkNYVVHgPzzos19a/Z3gWrmlVWHs8NPuTH9tFY0op3J
r9PP9lac1ez0jxipPLskZ5j95huJBi3othbvcNmRm/vN7PRhOD8EqSvh8pl7pO2o
Amt/bJtyOhVTZ0yYmxu+YhH7PIJZMpHZmWOSxiRF4yFLpdSWoZeezdhIR/E2fVfW
kr+pUzG0SwjR70FXNtP/I908GV0+BhrK/btQ1f4fpbuiZeBd/LVoeDM+ogmUuBFk
DZ76nfUtTbkCDQRo71pwARAA2pWQmbwkp2qL5jAP/VeCX/z12ybOq0jfETImJ8XT
GhPptbD627b61E1F6khZmBuqTn3EeQZ0/QHI96jKEHi7lo2T5LWARwM4t8Xw9Jd4
PSw3HmbXVmst9qL6PpbBOs+1hhpwTp+VVIMqXFyAPQO3CX+crwhrYJd4ix/GCSWV
923fdErfMWhOz8Jvo/TviUJgrGAzV0RFY4vxqLINnIgEb0F8pM5sO41ZnUPtsgAp
abXXIfrCmh/u+X0n3vX96LsWO1SeLxfd7W+/MWsfrzTZVrunO5IKUZG63vU8wAg6
vB+nGbpGLeWnIAlg6Jy/PN3I1azJtPabfV+hVdBSOri9jaAYHtgPiAo1HPizs6vJ
9C4JFTgMkM53qKUkOwe/iPW5I/RxwmhOkyhCLT+GgG9YyVtetO3/vTj6IcMq2Xdo
vhxTlV5dUSTnoN7T/tKeJUyvy5UemzzihmK4sSyVvuSdQIXLHnXrdAPdL21jeGFi
0sMzeJN26FfblCr0IlaMYqbH3WzOeAvPB9x02IjRBMA0Usug5Arv28YP3F1W46o6
qGt2QosXM1gBVpC3IdhV4u3O+M38mJIC4ydHtTzSOMl0pj/70fuH8OL6+q2qPKG0
WMHZjMrffxSVWl7F5lRsRMxsoyi4XL5LHg5hf5eTYUDCaRV6YReukmqLfj0DM88L
wT8AEQEAAYkCNgQYAQgAIBYhBKYN+LcFF0nKPRjmECO4fJkINzNTBQJo71pwAhsM
AAoJECO4fJkINzNTViAP/3mkgjcAuB6yjilN1JUi7mo1LABA53Y2T9mEq01TYN+h
T0xH1LTbO3uEPhmsgybZy7gpo1aoATYNeBxGinp5M7nliij7Spyo2ok0MxvWH/uR
6IDxc3mBA4nK+TbWoe/Axx8oIOmwpHJwouyynGE0B6IdxHR93lgsjszMZLRK/pkc
U5zu9kusiuxjJiuTCfKdeIvPIZ+tqZSN50iN+sSsnGHD9Muldm7oq3ADzsFzAEae
wV29CP1N3otMRubckQ2aXrLGKPjXTyhcudg75yLTZyFrT/6kvAqK0V0+spmL4lW+
KA1UpXRqugc3CGruWfuPar84Rya1eoBSxge8NB+lYCE15qnOOLPB2uoRmsW62TPz
f6NloRZ9cTukUK95/TJT3LjU+3V/1kfOFKkeXietF5JPVjNZTS79NoRJ5/b7y2RD
izrIXh4zIC2ZIammV7PFtPqIyn7v9pZSQqqP7KI7Z67rGgelKrLeefW+94bTRxya
nxXMHvNUuBu2iQEzFlypLJzeOIi4mkiKJhSpPmBvQO89XDdzRkihrZ0lJgYDLZTb
skThr60zA2UAs4dYsSc4G/6OqvOFOkzXOfCP8QFNXbEriEZ8W+VOv06dMMG8w72S
QBHKTjf1To/kvPCGdKKm5l1YBL59Z5HpcggsbDuqQ+CWj3a2keZAiJalsP1L84r8
=N+bR
-----END PGP PUBLIC KEY BLOCK-----