Security Disclosure Policy
At Dexory, we take the security of our systems, products, and data seriously. We value the contributions of the security research community in helping us maintain a safe and secure environment for our customers.
If you believe you have discovered a vulnerability in a Dexory system or product, we ask that you disclose it responsibly, following the guidelines below.
Reporting a vulnerability
Please send details of the potential vulnerability to security@dexory.com. Include as much information as possible to help us understand and reproduce the issue, such as:
- A clear description of the vulnerability
- Steps to reproduce the issue
- Any supporting evidence (screenshots, proof-of-concept code etc.)
Our commitments
We collect or use the following information:
- We will acknowledge receipt of your report as quickly as possible.
- We will investigate all reports and work to address confirmed vulnerabilities in a timely manner, in accordance with our security policies.
- We may provide updates on progress, but cannot guarantee regular communication.
- If you would like to be acknowledged for your discovery, we will consider doing so publicly (unless you prefer to remain anonymous).
Guidelines
We ask that you:
- Give us a reasonable amount of time to investigate and fix the issue before publicly disclosing it.
- Avoid accessing, modifying, or deleting data that does not belong to you.
- Avoid disrupting Dexory services.
- Comply with all applicable laws.
Recognition and rewards
Dexory may, at its sole discretion, choose to recognise your contribution with public acknowledgement or a token of appreciation. While we do not operate a formal bug bounty programme, we may provide a reward where appropriate.
Safe harbour
If you follow this policy in good faith, we will consider your actions authorised and will not initiate legal action against you.