Do you have an email through which a party wishing to make a responsible disclosure can correspond with your team?
This public forum is probably not appropriate for reporting possibly sensitive issues.
Regarding the responsible disclosure policy, part of it is about establishing a reporting process and commitments to prioritize fixing issues, but also about assurances that responsible disclosures made in good faith will be treated in good faith, and that the reporter would not be penalized.
It’s not surprising that some companies react to being notified about potential security issues by threatening the messenger with legal action – which has a chilling effect on responsible disclosure. The policy just helps set expectations on all sides.