Security & Responsible Disclosure Notice

Members must protect their passwords, MFA devices, and account sessions. Do not share invitation links, activation codes, reset links, passwords, or MFA codes. Report suspicious messages or unauthorised account activity promptly.

If you discover a security weakness, report it privately to security@ags-alumni.com. Do not access, copy, alter, delete, or disclose data that does not belong to you. Do not perform destructive testing, social engineering, spam testing, denial-of-service activity, or public disclosure before the Association has had a reasonable opportunity to investigate.

Official automated emails are sent from noreply@mail.ags-alumni.com. The Association will not ask members to send passwords or MFA codes by email. When in doubt, contact security@ags-alumni.com or secretariat@ags-alumni.com.

The Association will review good-faith security reports and may request additional information. Security reports are handled based on severity, member risk, and available Association resources.