Security & Responsible Disclosure

RBJ Global LLC
Last updated: May 11, 2026

We take security seriously across all RBJ Global products. If you find a vulnerability in any of our software or services, we want to hear about it.

How to report

Email: security@rbjglobal.com

Please include:

  • A description of the vulnerability
  • Steps to reproduce
  • Which product or service is affected (Clawless Computer, WhisprDesk, Clawdemy, or one of our websites)
  • Your name or handle if you would like credit, or "anonymous" if you prefer

We do not currently operate a bug bounty program. We do offer public acknowledgment for valid reports if you want it.

Our commitment

When you report a vulnerability to us in good faith:

  • We will acknowledge receipt within 5 business days
  • We will investigate and respond with a determination within 14 days
  • We will work to remediate confirmed vulnerabilities and communicate progress
  • We will not pursue legal action against you for security research conducted in good faith under this policy

Safe harbor

We consider security research conducted under this policy to be:

  • Authorized in accordance with the Computer Fraud and Abuse Act (CFAA) and similar laws
  • Exempt from our Terms of Service restrictions that would interfere with conducting security research
  • Lawful and helpful to the overall security of the internet

We will not initiate or support legal action against researchers who make good-faith efforts to comply with this policy.

In scope

The following are in scope for security research under this policy:

  • Clawless Computer (desktop application and clawless.ai)
  • WhisprDesk (desktop application and whisprdesk.com)
  • Clawdemy (clawdemy.org)
  • RBJ Global website (rbjglobal.com)
  • Public-facing APIs and services operated by RBJ Global LLC

Out of scope

The following are not considered vulnerabilities under this policy:

  • Social engineering of RBJ Global personnel or customers
  • Physical attacks against RBJ Global property or personnel
  • Denial-of-service attacks against any product or service
  • Automated scanning that disrupts service
  • Vulnerabilities that require an unrealistic user interaction (for example, requiring the user to install malware to view their own data)
  • Vulnerabilities in third-party services we use (please report those to the third party directly)
  • Self-XSS that cannot be exploited against other users

Good-faith conduct

Good-faith security research includes:

  • Testing only against your own accounts or content
  • Avoiding any privacy violations, destruction of data, or service interruption
  • Not exfiltrating or retaining customer data
  • Giving us reasonable time to fix issues before public disclosure (we recommend 90 days)
  • Not exploiting the vulnerability beyond what is necessary to confirm it exists

Contact

For security reports: security@rbjglobal.com

Thank you for helping keep RBJ Global products secure.