Analyze · Propose · Implement · Govern

From the first statement to a governed, documented allocation.

FolioMax carries an allocation decision through its entire life on one data spine. MaxAnalyze turns any custodial book into auditable intelligence, MaxProposals turns it into a goals-based proposal, MaxImplement puts it to work, and MaxPortfolio governs the models, the committee vote, and the audit trail behind every move — one chain of custody, from the first data point to the final documented decision.

Statement to governed allocation Cell-level provenance, end to end IPS-checked on every weight Audit-grade by design

Request a live walkthrough See the platform →

The Smith Family

GROWTH RISK4 ACCOUNTS● WITHIN BAND

TOTAL AUM

$10,988,978

Equity

72.1%

$7,917,014

Fixed inc

13.5%

$1,477,731

Other

8.1%

$888,053

Cash

6.3%

$690,358

across 4 statements · $15,821 not itemized · 1 account flagged to review →

One platform · four modules

Analyze. Propose. Implement. Govern.

Four modules on one data spine — each owns a stretch of the same unbroken thread, from the raw statement to the governed, audited allocation.

↗

Analyze

MaxAnalyze

Any custodial book — PDF, flat file, or API — turned into auditable, look-through intelligence.

Live ↗

Propose

MaxProposals

That intelligence becomes a goals-based, tax-aware, risk-right-sized proposal — no re-keying.

Live

Implement

MaxImplement

The approved strategy becomes real trades — in-kind aware, compliance-cleared, routed to custody.

Coming soon

↗

Govern

MaxPortfolio

The committee operating system — models, signals, risk, the vote, and the full audit trail behind every move.

Live

The status quo

Advisors build the client picture twice — by hand.

The current portfolio gets keyed out of PDF statements into a spreadsheet, analyzed in one tool, then re-entered into a separate proposal tool. Every handoff drops detail, and the line from source data to recommendation breaks. The analysis gets done. The thread from statement to proposal does not.

Days

to a client-ready proposal

Manual extraction and re-entry stall every proposal before the analysis even starts.

Twice

the same data, keyed again

The current portfolio is rebuilt by hand on both sides of the workflow.

Broken

line from data to advice

Without provenance, a recommendation can't be traced to the statement behind it.

Re-keyed by hand

Holdings typed out of custodial PDFs into spreadsheets, one position at a time.

Separate tools

Analysis lives in one app, the proposal in another — nothing carries over.

No data lineage

When a number is questioned, there's no trail back to the statement it came from.

Slow turnaround

A client-ready proposal can take days of manual assembly and reconciliation.

One continuous data spine

From custodial PDF to signed proposal.

Analyze where the client is, propose where they should be — one client record, carried end to end, without ever re-keying a position.

Statements

Structured intelligence

Goals & plan

Recommended strategy

Client-ready proposal

One client record, carried end to end.

MaxAnalyze · the workspace

One workspace. The whole book.

Statement PDFs, tabular connectors, and live feeds all normalize to a single canonical book — account → sleeves → positions → lots — so a mixed book analyzes uniformly, and re-imports reconcile instead of duplicating.

Around 18 institutional views ↓

Three ways into one canonical book

Upload a statement PDF

Async workers extract lots, fees, and transactions — with progress, reprocess, and cancel.

Daily flat-file feed

One connector per custodian layout maps native exports — down to lot level — every day.

Connect by API

Link an existing book of business — accounts and positions sync straight into the platform.

normalize

One canonical book

Every source, one contract.

account → sleeves → positions → lots

Stable identity keys mean re-imports reconcile instead of duplicating — and every record is source-stamped with its origin, classification source, and AUM basis.

Onboard any custodian

Statement PDFs you upload, daily flat-file feeds, and live API connections to an existing book — all normalize to one canonical book.

Enrich & classify

Market data, FX, and an asset-class / sector / region / tax-type taxonomy, with manual overrides.

Portfolio analytics

Around eighteen institutional views — allocation through risk to tax lots — for every client.

Household analytics

The same suite, aggregated across an entire household — not just one account.

Intelligence layer

Flags, opportunities, AI briefs, and a grounded assistant built on the same data.

Reports & delivery

Institutional decks to PPTX or PDF, branded, with tokenized client share links.

Around eighteen institutional views

Every angle on the portfolio, reconciled — never re-keyed.

01 / 13 app.foliomax.com/maxanalyze/the-smith-family/overview

Snapshot. Custodian-stated AUM, true allocation, sector look-through, open flags and prioritized opportunities — the whole book in one screen.

Look-through · % of the equity sleeve

What you really own, once the funds are seen through.

Held directly vs held via funds — the exposure that doesn't show up in the statement.

Held directlyHeld via funds

MSFT

15.18%

AAPL

11.41%

COST

5.43%

JNJ

4.77%

GOOGL

4.44%

LOW

3.69%

Stock overlap · summary

Top 10 names

Across 580 distinct underlying names in the equity sleeve.

Top 10 names · % of equity55.8%

Largest single name · MSFT15.2%

Redundant fund pairs (≥90%)0

Look-through coverage97.9%

MaxProposals · the workflow

Ten steps from inherited portfolio to signed proposal.

Holdings arrive as the Current Portfolio — same security master, same look-through, AUM intact. Then goals, projection, and a recommended strategy build, in order, on the analysis that's already done.

Client & Accounts

Current Portfolio

Goals & Objectives

Cash Flows

Assumptions

Proposed Strategy

Tax Transition

Analytics

Portfolio Construction

Proposal & Report

AI strategist · recommendation

An AI strategist recommends the model — and explains the deciding factor.

Recommended

Balanced Growth

The deciding factor is risk efficiency — the highest goal-fit at a volatility the plan's horizon comfortably absorbs, without giving up goal funding.

Model-match confidence

Balanced Growth

AI PICK

Moderate risk

Exp return

6.7%

Volatility

9.4%

Sharpe

0.66

Max drawdown

−23.6%

Goal fit 92 / 100

Moderate Growth

Growth risk

Exp return

7.5%

Volatility

11.8%

Sharpe

0.61

Max drawdown

−31.2%

Goal fit 85 / 100

Conservative Income

Conservative risk

Exp return

5.6%

Volatility

6.8%

Sharpe

0.66

Max drawdown

−13.8%

Goal fit 74 / 100

Goals & objectives · ranked Need · Want · Wish

Rank the goals. Fund what matters first.

Probability of success

94%

priority-weighted MC

Needs funded

100%

essential objectives

Wishes funded

86%

discretionary

Goals defined

2 Need · 2 Want · 3 Wish

Horizon

30yr

Monte Carlo basis

Lifetime cost

$20.8M

present value

Needs are funded first, then Wants, then Wishes — and the plan's resources are tested against each in order.

The twelve-step workflow · screen by screen

From ported holdings to a routed, signed proposal.

01 / 09 app.foliomax.com/maxproposals/the-smith-family/client-accounts

Client & accounts. Holdings and household carried in from MaxAnalyze — include or exclude any account and totals, allocation and flags update live.

The handoff

Analyze and propose — without re-keying a thing.

MaxAnalyze · where the client is

Extracted, classified, looked-through.

Holdings · classifications · look-through

Custodian-stated AUM · cell-level provenance

→

Ported · provenance intact

MaxProposals · where they should be

Arrives as the Current Portfolio.

Goals · projection · recommended strategy

+ firm-wide Capital Market Assumptions

One client record

The client carries across, tagged "ported from MaxAnalyze." No re-entry.

Holdings → Current Portfolio

Same security master, classifications, and look-through.

AUM carries through

The audited custodial total is the basis the plan funds goals against.

Provenance survives

The trail back to the statement isn't dropped at the boundary.

MaxPortfolio · govern

The operating system for institutional investment committees.

Where the models that power every proposal are built, stress-tested, and governed. MaxPortfolio carries a committee decision from market signal to an implemented, fully documented allocation — construction, predictive signals, risk, governance and audit, on one continuous chain of custody.

10 AI agents Unlimited asset classes 27 working surfaces Audit-grade by design

Signal

Proposal

Governance

Implementation

Audit

One continuous chain of custody for every allocation decision.

The command center · one live view

Portfolio health

78/100

all clear

Composite signal

neutral · 0–100

Compliance

0 open exceptions

ISC win rate

64%

14 of 22 added alpha

Expected return

5.1%

Balanced Growth

Portfolio risk

7.8%

Sharpe 0.33

Portfolio construction

Visual and table model editors with live return, risk, Sharpe, Sortino, Calmar and VaR — tax-aware CMAs across 14 asset classes, IPS-flagged as you build.

Predictive signals & alpha

0–100 composite scores across momentum, trend, valuation, macro, regime and sentiment — plus an 11-factor alpha-probability engine at 3M / 6M / 12M.

Risk & simulation

VaR/CVaR, a 14×14 correlation matrix, stress tests, Monte Carlo probability-of-success, and live regime detection with transition probabilities.

Governance & workflow

Guided proposals, real-time IPS checks, committee voting and store writes — every change routed, reviewed and recorded.

Backtesting & attribution

Strategy and per-decision backtests with Brinson-Hood-Beebower attribution — allocation, selection and interaction, at three levels.

AI agent layer

Ten specialized agents and an orchestrator powering every surface — run on demand or on schedule, with streaming output and full logs.

The engine · the platform's most valuable piece

Change one model. Update them all — safely.

A single weight change is scaled proportionally across every model variant, then run through IPS-violation checks before anything is written. Override any propagated weight by hand, or let the engine do the work — and inspect every model, current vs proposed, before routing for the vote.

✓Proportional propagation — scales a base change across all variants while preserving each model's intent.

✓Real-time IPS checks — flags any allocation that breaches policy ranges before it is committed.

✓Current vs. proposed — every model inspected side-by-side before it routes for approval.

Propagation

Base change

Conservativein range

Balancedin range

Growthin range

AggressiveIPS flag

All Equityin range

Diversifiedin range

Twenty-seven working surfaces · a selection

The whole committee workflow, on screen.

01 / 13 app.foliomax.com/maxportfolio/dashboard

Command center. Portfolio health, composite signal, compliance and ISC win rate in one live view — efficient frontier, asset-class signals, regime quadrant and cumulative decision alpha.

AI-native · ten agents, one orchestrator

Market Data

Research

FRED Economic

Signal Scoring

Regime Detection

Portfolio Optimization

Report Generation

Compliance Monitor

Deep Research

Orchestrator

The flagship workflow · five governed steps

Select model

Pick a base model and name the proposal.

Build changes

Adjust weights with live metrics and per-change alpha scoring.

Propagate

Cascade across every model variant with IPS checks.

Review & route

Summarize, pick reviewers, submit for committee review.

Final approval

Track the timeline, vote, and implement with a written record.

Why FolioMax

Purpose-built where stitched-together tools break.

The patchwork stack

✕Models, signals, and policy in separate tools
✕Statements re-keyed by hand; no chain of custody
✕Manual, multi-week approval routing
✕Attribution done ad-hoc, if at all
✕Reports rebuilt by hand every quarter

FolioMax

✓One integrated system, signal to audit
✓Cell-level provenance, structured automatically
✓Guided workflow with fast-track routing
✓Built-in Brinson attribution and backtests
✓Board-ready reports, generated on demand

Built for

For the advisors and committees who answer for the money.

RIAs

Family Offices

Wealth Managers

OCIOs

Endowments

Foundations

Pension Boards

Investment Committees

Faster cycles

Tactical moves routed in days, not weeks.

Audit-ready

A defensible record for every decision.

Measurable alpha

Attribution that compounds committee skill.

Stronger governance

IPS enforced on every proposed weight.

About FolioMax

Built by wealth management practitioners for modern advisory firms.

We help advisors and portfolio managers analyze complex portfolios, generate personalized proposals, and implement tax-aware SMA & UMA portfolio transitions with greater clarity, efficiency, and operational precision.

Who we are

FolioMax was created to solve the real operational and portfolio-management challenges wealth management firms face every day. From client acquisition and statement analysis to proposal generation, portfolio implementation, SMA transitions, tax-aware rebalancing, and operational oversight — modern advisory firms need more than disconnected tools and manual workflows.

FolioMax brings these workflows together into a unified platform designed specifically for the complexity of real-world wealth management environments.

One unified platform

From client acquisition to ongoing oversight.

Statement analysis, proposal generation, SMA & UMA transitions, tax-aware rebalancing, and operational oversight — brought together for the complexity of real-world wealth management, with no disconnected tools or manual handoffs.

Leadership

Founders who have lived these workflows firsthand.

FolioMax was founded by professionals with deep experience in wealth management, portfolio analytics, investment strategy workflows, and financial technology operations — people who understand the operational realities faced by RIAs, banks, and institutional wealth management firms.

CEO & Founder

Evenz Escarne

Evenz Escarne is the Founder and CEO of FolioMax, a wealth management platform that streamlines portfolio analysis and proposal generation for investment professionals. He brings more than two decades in wealth management and financial services, with deep expertise across portfolio analysis, asset allocation, investment strategy, and financial technology.

Before founding FolioMax, Evenz held key roles at BNY Mellon, where he sharpened his work in investment management, data-driven financial solutions, and portfolio optimization — helping advisors strengthen performance measurement and risk assessment.

He built FolioMax to give wealth managers tools that turn custodial statements into structured intelligence, surface deeper portfolio insight, and support better-documented decisions. Under his leadership, the platform is changing how firms analyze and manage client portfolios — adding precision, clarity, and automation across the work.

Chief Visionary Officer

Steven H. Reiff

Mr. Reiff has led the strategy formation, execution, and development of significant businesses in the wealth management and investment industry. He has carried P&L responsibility for these entities and led product and systems development initiatives — private investment funds, 20+ publicly traded mutual funds, and separate-account models with over $150B in AUM. Reporting directly to him were product development, investment oversight, and all advisory personnel interfacing with clients and portfolio management teams.

As National Director of Analytics, Advice and Investment Solutions, Steven oversaw all asset classes and all client accounts for compliance to investment risk management. Concurrently, he served as CIO for the Lockwood Advisors RIA, supporting independent RIAs with asset allocation, portfolio construction, and oversight of all investments fulfilling client portfolios.

Mr. Reiff was also President and CEO of a $1B+ family office for the founder of Federated Investments and over 270 family members — with responsibilities spanning tax and planning for 240 entities and managing family farms and real estate in Naples and on Keewaydin Island.

Chief Technology Officer

Ankit Agarwal

Ankit Agarwal is a visionary entrepreneur and seasoned technology leader with over 18 years of experience in fintech and wealth management. He is the creator and Chief Technology Officer of Hexaview Technologies, where he drives innovation and builds scalable solutions for customers around the world.

Ankit is the founder of Nuaav and Iden2, businesses that reflect his enthusiasm for impact driven by technology. He previously scaled and successfully exited a business that was acquired by Addepar, a billion-dollar financial technology company in the United States.

Having authored and delivered more than a dozen professional papers and whitepapers, Ankit is well known as a thought leader. An Inc. 5000 entrepreneur and member of the Forbes Business Council, he has shared his expertise on emerging technology and financial trends. His multicultural experience spans collaborations across North America, Europe, Singapore, Australia, and the GCC.

Now serving as Fractional CTO for the wealth management startup FolioMax, Ankit applies his technical know-how and strategic vision to spur innovation and expansion — reinforcing his standing as a game-changing leader in the industry.

Built for trust, security, and operational confidence.

FolioMax maintains a strong security and compliance posture through modern infrastructure, operational controls, and continuous monitoring.

See our security posture →

Platform packages

Configured around your firm — not a one-size-fits-all grid.

FolioMax is packaged around your portfolio analysis, proposal generation, implementation, and operational workflows. Choose the tier that matches where your firm is today; every plan is scoped with you.

Advisory Essentials

Portfolio intelligence for advisory teams

Best for independent RIAs, boutique advisory teams, and firms beginning to modernize portfolio analysis.

CustomScoped to your firm

Request a walkthrough

MaxAnalyze
Statement & portfolio analysis
Household aggregation
Holdings & allocation intelligence
Concentration & exposure insights
Mutual fund / ETF analysis
Stock overlap report
Holdings summary snapshot
Chatbot assistant

Most complete

Advanced Advisory

Analysis + proposal generation

Best for growing firms, multi-advisor practices, and teams that need structured, client-ready proposal workflows.

CustomScoped to your firm

Request a walkthrough

Everything in Essentials, plus
MaxProposals
Compare current vs. proposed portfolios
Generate client-ready proposals
Tax & fee assumptions
Risk, return, yield & drawdown analysis
Back-testing & Monte Carlo simulations
Fee & growth projections
Custom portfolio construction

Enterprise Implementation

Tax-aware SMA & UMA workflows

Best for banks, enterprise RIAs, SMA/UMA platforms, and institutional teams managing real-world complexity.

CustomScoped to your firm

Request a walkthrough

Everything in Advanced, plus
MaxImplement
Tax-aware transitions & rebalancing
Turnover & realized-gain constraints
In-kind transfer optimization
Scenario & what-if modeling
SMA & UMA rebalancing
Drift & concentration monitoring
Compliance thresholds & multi-sleeve allocations

Data privacy & security

Enterprise-grade security for modern wealth management.

FolioMax is committed to protecting client data, maintaining operational integrity, and supporting the security expectations of RIAs, banks, family offices, and institutional wealth management firms.

Request a walkthrough View Vanta Trust Center

SOC 2 Type II — journey AWS infrastructure Encrypted in transit & at rest Vanta continuous monitoring

SOC 2 governance · Vantamonitoring

Role-based access & authentication

Encryption in transit & at rest

AWS infrastructure · isolation

Protected at the corePortfolio data & client workflows

SOC 2 Type II Journey In progress

Building toward SOC 2 Type II, monitored continuously by Vanta.

FolioMax is actively progressing through its SOC 2 Type II compliance journey with support from Vanta for continuous monitoring, evidence collection, and operational oversight — a framework aligned with industry best practices across security, availability, access management, change management, and business continuity.

Continuous controls monitoring via Vanta

How we protect your data

Security at every layer of the platform.

From the cloud it runs on to the way changes ship, each layer is designed to protect sensitive financial information and support the controls regulated firms expect.

SOC 2 Type II Journey

Actively progressing toward SOC 2 Type II with continuous monitoring, documented controls, and evidence collection across security, availability, access management, change management, and business continuity.

In progress · Vanta

AWS Infrastructure

Hosted on enterprise cloud infrastructure built for resiliency, operational reliability, and secure data handling — with secured networking and environment isolation. Configurations and controls are continuously reviewed.

Encryption in Transit & At Rest

Industry-standard encryption protocols help protect sensitive financial and operational data wherever it moves or sits, supporting the confidentiality and integrity of client information across the platform.

Role-Based Access Controls

Role-based access and authentication mechanisms help ensure users reach only the systems, features, and data appropriate to their role — reducing exposure and maintaining administrative governance.

Vanta Continuous Monitoring

Continuous monitoring through Vanta gives centralized visibility into security controls, infrastructure, evidence collection, and compliance-related workflows — backed by ongoing operational reviews and system oversight.

Secure Development Lifecycle

Security is built into every stage of development and deployment. Platform updates, infrastructure changes, and ongoing improvements follow structured processes designed for reliability and secure delivery.

By design

Security is foundational to how FolioMax operates.

Wealth management firms operate in highly regulated, trust-driven environments where confidentiality, operational controls, and data integrity are critical. Security is integrated into every layer of the platform — from infrastructure and authentication to operational monitoring and access governance.

Infrastructure

Authentication

Operational monitoring

Access governance

Built for institutional workflows

Designed for the work wealth teams actually do.

FolioMax supports sensitive financial workflows end to end — secured at every step, from first statement to ongoing oversight.

Statement analysis Proposal creation Transition planning Tax-aware SMA & UMA implementation Portfolio monitoring Household-level portfolio intelligence Operational oversight

Get in touch

Questions about security or compliance?

Our team is happy to discuss security practices, operational controls, platform architecture, and compliance initiatives with prospective and existing clients.

Contact FolioMax Request a walkthrough

Security & compliance: support@foliomax.com

Analyze · Propose · Implement · Govern

Analyze. Propose. Implement. Govern.

From the first data point to the final, documented vote — one platform, one data spine, one unbroken chain of custody.

Back to site

Legal

Privacy Policy

Effective date: April 1, 2025

FolioMax, Inc. (“FolioMax,” “we,” “us,” or “our”) respects your privacy and is committed to protecting it through this Privacy Policy. This document outlines how we collect, use, disclose, and safeguard your information when you use our website and services, including our AI-powered SaaS platform, Max (the “Service”).

1. Information We Collect

We may collect the following types of information:

Personal Information: name, email address, phone number, and other contact details.
Financial Information: payment details when you subscribe to our Service.
Usage Data: information on how you interact with our website and Service.
Cookies & Tracking Technologies: data collected through cookies, web beacons, and similar technologies.

2. How We Use Your Information

We use your information for the following purposes:

To provide, maintain, and improve our Service.
To personalize user experience and enhance security.
To process transactions and send account-related communications.
To comply with legal obligations and enforce our terms of use.

3. Sharing of Information

We do not sell or rent your personal data. We may share your information with:

Service Providers: third-party vendors who assist in providing our Service.
Legal Compliance: authorities if required by law or to protect our legal rights.
Business Transfers: in the case of a merger, sale, or asset transfer.

4. Data Security

We implement industry-standard security measures to protect your information. However, no method of transmission over the internet is 100% secure.

5. Your Rights and Choices

Depending on your location, you may have rights regarding your personal information, including access, correction, or deletion requests. Contact us at support@foliomax.com for inquiries.

6. Changes to This Policy

We may update this Privacy Policy periodically. Any changes will be posted on this page with an updated effective date.

7. Contact Us

If you have any questions about this Privacy Policy, please contact us at support@foliomax.com.

Back to site

Legal

Terms & Conditions

Effective date: April 1, 2025

Welcome to FolioMax, Inc. (“FolioMax,” “we,” “us,” or “our”). By accessing or using our website and services, including our AI-powered SaaS platform, Max (the “Service”), you agree to comply with and be bound by these Terms and Conditions (“Terms”).

1. Acceptance of Terms

By using our Service, you acknowledge that you have read, understood, and agree to be bound by these Terms. If you do not agree, please refrain from using our Service.

2. Use of the Service

You must be at least 18 years old to use our Service.
You agree to use the Service only for lawful purposes and in accordance with these Terms.
You shall not interfere with or disrupt the Service or any associated networks.

3. Account Registration

You may be required to create an account to access certain features of the Service.
You are responsible for maintaining the confidentiality of your account credentials.
You agree to provide accurate and complete information when registering for an account.

4. Subscription and Payment

Some features of the Service may require a subscription.
Payments are due as specified at the time of purchase.
We reserve the right to change pricing with prior notice.

5. Intellectual Property

All content, trademarks, and intellectual property within the Service remain the property of FolioMax or its licensors.
You may not reproduce, distribute, or create derivative works without our prior written consent.

6. Limitation of Liability

The Service is provided “as is” without any warranties, express or implied.
We shall not be liable for any indirect, incidental, or consequential damages arising from your use of the Service.

7. Termination

We reserve the right to suspend or terminate your access to the Service if you violate these Terms.
You may terminate your account at any time by contacting us.

8. Governing Law

These Terms shall be governed by and construed in accordance with the laws of the Commonwealth of Virginia.

9. Changes to These Terms

We may update these Terms periodically. Any changes will be posted on this page with an updated effective date.

10. Contact Us

If you have any questions about these Terms, please contact us at support@foliomax.com.

Back to site

Legal

Security

Vulnerability Disclosure Policy

FolioMax is committed to maintaining the security of our platform and protecting client data. We welcome security researchers and the broader community to responsibly disclose potential vulnerabilities.

Reporting a Vulnerability

If you believe you have identified a security vulnerability, please report it to:

security@foliomax.com

Please include:

Description of the vulnerability
Steps to reproduce
Potential impact
Any supporting materials (screenshots, logs, etc.)

Guidelines

Do not access or modify data that does not belong to you.
Do not disrupt or degrade service availability.
Do not attempt social engineering or physical attacks.
Provide reasonable time for remediation before disclosure.

Our Commitment

We will acknowledge receipt within 3–5 business days.
We will investigate and remediate validated issues promptly.
We will not take legal action against researchers acting in good faith.

Safe Harbor

FolioMax considers activities conducted in accordance with this policy to be authorized and will not pursue legal action against individuals who act responsibly.

Scope

This policy applies to:

FolioMax web applications
APIs and backend services
Cloud infrastructure (AWS-hosted environments)

Rewards

At this time, FolioMax does not offer recognition outside of its structured program. For defined incentives and payout tiers, see our Bug Bounty Program.

Back to site

Legal

Bug Bounty

FolioMax Bug Bounty Program · Effective March 31, 2026 · Version 1.0

FolioMax is committed to maintaining the highest standards of security for our platform and client data. To support this, we operate a formal Bug Bounty Program that rewards security researchers for responsibly identifying vulnerabilities.

Scope

In-scope systems include:

FolioMax web applications
APIs and backend services
AWS-hosted infrastructure
Authentication and access-control mechanisms

Out of scope:

Social engineering
Physical attacks
Denial of service (DoS / DDoS)
Third-party systems not controlled by FolioMax

Reporting Process

Submit vulnerabilities to:

security@foliomax.com

Include:

Description of the issue
Steps to reproduce
Impact assessment
Supporting evidence

Reward Structure

Severity	Example	Reward
Critical	Remote code execution, auth bypass, data exfiltration	$500 – $1,500
High	Privilege escalation, sensitive data exposure	$250 – $750
Medium	XSS, CSRF, logic flaws	$100 – $300
Low	Minor misconfigurations	$25 – $100

Rewards are determined based on severity, impact, and report quality.

Eligibility for Rewards

To qualify:

Must be the first valid report of the issue
Must include clear reproduction steps
Must not exploit the vulnerability beyond proof of concept
Must follow responsible disclosure practices

Response Timeline

Acknowledgment: 3–5 business days
Initial assessment: within 7 days
Resolution timeline based on severity

Safe Harbor

FolioMax will not pursue legal action against researchers who:

Act in good faith
Follow this policy
Do not exploit vulnerabilities beyond necessary testing

Legal

Participation in this program does not grant permission to:

Access unauthorized data
Disrupt services
Violate applicable laws