Security
Last updated: June 16, 2026
Reporting a vulnerability
If you identify a potential security vulnerability in any Letra da Lei service, including the letradalei.com website, the MCP integration, and related APIs, please email a report to security@letradalei.com. Describe the issue, its potential impact, the affected component or address, and the steps to reproduce it. We ask that you not disclose the issue publicly until we have had a reasonable opportunity to fix it.
Scope
In scope are the services Letra da Lei operates: the website, the MCP integration, authentication, and the APIs. Out of scope are third-party services we rely on (for example, cloud infrastructure providers and the AI assistant through which you access the integration), as well as social engineering, denial-of-service (DoS) attacks, and noise from automated scanning tools.
Our commitment
We acknowledge reports within 3 business days, investigate each one with reasonable care, keep you informed of progress, and remediate valid vulnerabilities on a timeline appropriate to their severity.
Responsible disclosure
We ask that you act in good faith: do not access, modify, or delete data that is not yours, do not degrade our services, and give us reasonable time to fix an issue before any public disclosure. Research conducted in this manner will not be subject to legal action from us.
Contact
Security reports should be sent to security@letradalei.com.