Responsible Disclosure Policy
Last updated: 17.07.2026
We welcome reports from security researchers. If you believe you have found a vulnerability in Aegvale, please help us protect our users by disclosing it responsibly.
How to report
Email support@aegvale.com with a description of the issue, the steps to reproduce it, and any proof-of-concept. Please encrypt sensitive details if possible and give us a reasonable time to respond before public disclosure.
Guidelines (safe harbor)
- Only test against your own accounts and data — do not access, modify or delete other users’ data.
- Do not run denial-of-service attacks, spam, or social-engineering against our staff or users.
- Do not use automated scanners that degrade the service.
- Give us time to remediate before disclosing publicly.
If you follow these guidelines in good faith, we will not pursue or support legal action against you for your research.
Our commitment
- We aim to acknowledge reports promptly and keep you updated on remediation.
- We will credit researchers who wish to be recognized, once a fix is released.
Scope
In scope: the Aegvale web application and API. Out of scope: findings that require a compromised device, issues in third-party services we use, and best-practice suggestions without a demonstrable security impact.