Legal
Security & Responsible Disclosure
Last updated June 2026
We hold our own systems to the standard we assess for others, and we welcome good-faith reports. This page explains how to reach us — and the principles that govern our security work.
Reporting a concern
If you believe you have found a security vulnerability or a data exposure affecting The Patron Measure, please email security@thepatronmeasure.com. Tell us what you observed and where; please do not access, download, or alter any data beyond what is necessary to demonstrate the issue. We will acknowledge good-faith reports and will not pursue legal action against researchers who act in good faith and respect the privacy of others.
How we conduct security work
Our Guest Data & Digital Security Audit is performed only on systems a client owns or lawfully controls, and only under a signed Rules of Engagement and authorization letter that define the scope and the testing window. We do not probe, scan, or test any system we are not authorized in writing to assess.
We do not exfiltrate data
When we identify an exposure — whether in an engagement or incidentally — we evidence it with the minimum necessary and never download, copy, or retain third-party personal data. We point at the open door; we do not carry anything through it.
Disclosure without strings
If we incidentally notice that a third party has data publicly exposed, we will tell them privately and at no cost, with no obligation to engage us. Helping is not conditioned on a sale.