Legal · Security
Responsible Disclosure
Effective date: [DD Month YYYY] · Version 1.0
If you believe you've found a security vulnerability affecting SRONIQ, we want to hear from you. We ask that you report it responsibly, in line with the process below, and we commit to responding in good faith.
How to report
Email security@sroniq.com with a description of the issue, steps to reproduce, and any relevant proof-of-concept detail. Please do not include real customer data in your report.
What we ask
- Give us reasonable time to investigate and remediate before public disclosure.
- Avoid accessing, modifying, or exfiltrating data beyond what's needed to demonstrate the issue.
- Avoid testing that could degrade service for other users.
What you can expect
Acknowledgement of your report within two business days, and status updates as we investigate. We do not currently operate a paid bug bounty programme, but we credit responsible reporters where appropriate, with their permission.