Security

Vulnerability Disclosure Policy

Effective

How to report

Email security@veirox.com. Encrypt the report with our PGP key (linked from security.txt) for sensitive details. We acknowledge within 2 business days.

Scope

In-scope:

Out of scope:

Safe-harbour rules

We won't pursue legal action against good-faith researchers who:

Recognition

We don't currently run a paid bug bounty. We will:

A paid program is on our roadmap as the customer base grows.

Response timeline

Hall of fame

Researchers who responsibly disclosed vulnerabilities to us:

Contact

security@veirox.com · /.well-known/security.txt