Security Policy

Information Security Policy

Basic Philosophy

PowerX, Inc. (hereinafter referred to as "the Company") conducts its business with the philosophy of achieving "a world forever free from energy concerns." The information assets handled within our business, including customer information, are extremely important as part of the Company's management foundation. Recognizing the importance of protecting these assets from risks such as leakage, damage, and loss, all individuals who handle information assets, including officers and employees, are committed to complying with this policy and maintaining the confidentiality, integrity, and availability of information security.

Basic Policy

  1. Compliance and RegulationsTo protect information assets, we have established an information Security Policy and related regulations. All business activities adhere to this policy, relevant laws, regulations, standards, and contractual obligations with customers.

  2. Risk Assessment and ManagementWe clearly define criteria for analyzing and evaluating risks such as leakage, damage, and loss of information assets. A systematic risk assessment method is established and conducted regularly. Based on the results, we implement necessary and appropriate security measures.

  3. Information Security FrameworkWe establish an information security management structure led by the responsible executive, with clear definitions of authority and responsibility for information security. To ensure proper handling of information assets, all employees regularly receive education, training, and awareness programs to understand the importance of information security.

  4. Monitoring and AuditingWe regularly inspect and audit compliance with the Information Security Policy and the handling of information assets. Any deficiencies or areas for improvement identified during these processes are promptly addressed with corrective actions.

  5. Incident Response and Business ContinuityWe take appropriate measures to address any security events or incidents. In the event of an incident, pre-established procedures are followed to minimize damage, and corrective actions are promptly implemented. For incidents that may disrupt business operations, a management framework is established and regularly reviewed to ensure business continuity.

  6. Continuous ImprovementTo achieve the goals of the Basic Philosophy, we establish an Information Security Management System (ISMS), execute it, and continuously review and improve it.

PowerX, Inc.

Representative Executive Officer and CEO

Masahiro Ito

Established on Apr. 1, 2023

Vulnerability Disclosure Policy

Purpose

At our company, the safety and trust of our customers and partners is our top priority. We welcome reports of potential security vulnerabilities in our systems, services, or applications, and we are committed to addressing them promptly through a responsible disclosure process.

This policy outlines how to report vulnerabilities related to our services and how we will handle them.

Scope

This policy applies to the products and services we provide.

How to Report a Vulnerability

If you discover a potential vulnerability, please include the following details when submitting your report:

  • Affected service/product name or URL.

  • Summary of the vulnerability and its potential impact.

  • Steps to reproduce (including screenshots or a proof of concept, if available).

  • Your contact information (optional: name, email, handle for acknowledgment).

Reporting Channel: Please report the vulnerability using the form here.

Our Commitments

When a valid vulnerability report is received, we will:

  • Acknowledge receipt within 5 business days.

  • Assess the severity and determine appropriate mitigation steps.

  • Work to resolve verified issues promptly (based on severity).

  • Communicate resolution progress with the reporter.

Guidelines for Responsible Reporting

We request researchers to:

  • Avoid actions that may disrupt operations (e.g.denial-of-service etc)

  • Refrain from accessing or manipulating customer or personal data.

  • Do not exploit vulnerabilities beyond what is necessary to demonstrate the issue.

  • Do not publicly disclose the issue until we’ve had reasonable time to remediate it.

  • Avoid violating laws and regulations during testing.

Legal Safe Harbor

If you act in good faith and follow this policy, we will not pursue legal action. 

However, malicious behavior or violations of this or other applicable policies or laws may result in appropriate action.

Disclosure and Transparency

We believe in coordinated disclosure and aim to maintain transparency. If a vulnerability is confirmed and fixed, we may:

  • Publish details of the issue and the resolution.

  • Clearly communicate the affected systems and versions.

  • Coordinate the timing of any public announcements with the reporter.

Established on Jul.31, 2025