Skip to main content

Responsible disclosure statement

Security matters to us. We continuously work to keep our systems and services safe, and we're grateful when people take the time to report vulnerabilities responsibly.

If you've found a weak spot, email us at security@reaktor.com.

Reporting a vulnerability

Reporting before going public gives us time to address the issue properly. When you submit a report, please include:

  • Enough detail to reproduce the problem (the URL of the affected service and a description of the vulnerability usually does the job)
  • Your contact details (name, email address, and/or phone number) so we can follow up
  • Your findings as soon as possible after discovery

Please report in English. Missing or permissively configured email authentication records (SPF, DKIM, DMARC) are out of scope for this program.

How we respond

Your report is treated confidentially. We'll acknowledge receipt within five business days and provide detailed feedback on your findings within ten business days.

Guidelines for responsible investigation

  • Keep the vulnerability confidential until it's resolved.
  • Limit your actions to the minimum needed to identify the issue.
  • Don't take any action that could affect the availability of our services.
  • Only perform actions necessary to demonstrate the security issue.
  • Don't use brute force techniques or social engineering to access our systems.
  • Don't implement backdoors to demonstrate your findings.

Please note that this channel is for security disclosures only, not customer support or general service questions.