Vulnerability Disclosure Policy

Overview

PowerX, Inc. and its subsidiaries (hereinafter referred to as "Our company") conduct business under the philosophy of "A world without energy shortages forever." 

Our Company is committed to providing secure, reliable products and services across our energy solutions. 

Purpose

At our company, the safety and trust of our customers and partners is our top priority. We welcome reports of potential security vulnerabilities in our systems, services, or applications, and we are committed to addressing them promptly through a responsible disclosure process.

This policy outlines how to report vulnerabilities related to our services and how we will handle them.

Scope

This policy applies to the products and services we provide.

How to Report a Vulnerability

If you discover a potential vulnerability, please include the following details when submitting your report:

  • Affected service/product name or URL.

  • Summary of the vulnerability and its potential impact.

  • Steps to reproduce (including screenshots or a proof of concept, if available).

  • Your contact information (optional: name, email, handle for acknowledgment).

Reporting Channel: Please report the vulnerability using the form here.

Our Commitments

When a valid vulnerability report is received, we will:

  • Acknowledge receipt within 5 business days.

  • Assess the severity and determine appropriate mitigation steps.

  • Work to resolve verified issues promptly (based on severity).

  • Communicate resolution progress with the reporter.

Guidelines for Responsible Reporting

We request researchers to:

  • Avoid actions that may disrupt operations (e.g.denial-of-service etc)

  • Refrain from accessing or manipulating customer or personal data.

  • Do not exploit vulnerabilities beyond what is necessary to demonstrate the issue.

  • Do not publicly disclose the issue until we’ve had reasonable time to remediate it.

  • Avoid violating laws and regulations during testing.

Legal Safe Harbor

If you act in good faith and follow this policy, we will not pursue legal action. 

However, malicious behavior or violations of this or other applicable policies or laws may result in appropriate action.

Disclosure and Transparency

We believe in coordinated disclosure and aim to maintain transparency. If a vulnerability is confirmed and fixed, we may:

  • Publish details of the issue and the resolution.

  • Clearly communicate the affected systems and versions.

  • Coordinate the timing of any public announcements with the reporter.

  • Established on Jul.31, 2025