Security and breach response

Report a vulnerability

If you believe you found a vulnerability, email songday@sentientwebsite.com with enough detail for us to reproduce the issue. Do not access, modify, delete, or exfiltrate data that is not yours.

Research rules

• Use only your own accounts and data.
• Do not degrade, disrupt, or overload systems.
• Do not social engineer employees, contractors, customers, or vendors.
• Do not assess physical security or third-party systems without permission.
• Give us a reasonable opportunity to investigate before disclosure.

Incident response

We triage security reports, preserve relevant logs, contain confirmed incidents, investigate scope, remediate root causes, and notify affected parties and regulators where legally required. We maintain vendor contacts and escalation paths for providers involved in hosting, scheduling, email, HubSpot (CRM data), Robanka operations, Google (Gemini Live AI technology), ancillary analytics tooling, payment processors such as Stripe, Authorize.net, ACH debit, bank transfer, or wire providers when payments run, and infrastructure partners coordinating incident response with songday@sentientwebsite.com.

Operating controls

Website notices are not a substitute for internal security operations. SentientWeb should maintain a breach response runbook, data map, retention schedule, processor register, access review process, backup and recovery plan, and evidence of vendor security review.