Enydea
Sign In

Responsible Disclosure

Security Vulnerability Reporting Policy

Our Commitment to Security

At Enydea, we take the security of our platform seriously. We appreciate the security research community's efforts in helping us maintain the security and privacy of our users.

Scope

This responsible disclosure policy applies to:

  • All Enydea web applications (*.enydea.com)
  • Enydea APIs and backend services
  • Mobile applications (if applicable)
  • Infrastructure supporting Enydea services

How to Report a Vulnerability

If you discover a security vulnerability, please report it to us privately:

  • Email:[email protected]
  • Subject Line: "Security Vulnerability Report"
  • PGP Key: Available upon request for encrypted communications

What to Include

Please provide the following information in your report:

  • Description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact of the vulnerability
  • Any proof-of-concept code or screenshots
  • Your contact information for follow-up

Our Response Process

  1. Acknowledgment: We will acknowledge receipt within 2 business days
  2. Assessment: Our security team will investigate and assess the issue
  3. Communication: We will keep you informed of our progress
  4. Resolution: We will work to fix the vulnerability promptly
  5. Recognition: With your permission, we will acknowledge your contribution

Guidelines

To qualify for responsible disclosure, please:

  • Do not access or modify user data without permission
  • Do not perform actions that could harm Enydea or its users
  • Do not publicly disclose the vulnerability until we have addressed it
  • Do make a good faith effort to avoid privacy violations and service disruptions
  • Do give us reasonable time to address the issue before disclosure (typically 90 days)

Out of Scope

The following are not eligible for responsible disclosure:

  • Denial of Service (DoS) attacks
  • Social engineering attacks against Enydea employees
  • Physical security issues
  • Third-party services we use but don't control
  • Issues in outdated browsers or platforms
  • Self-XSS or issues requiring significant user interaction

Recognition

We value security researchers who help us protect our users. Depending on the severity and impact of the vulnerability, we may offer:

  • Public acknowledgment in our security hall of fame (with your permission)
  • A letter of appreciation
  • Swag or merchandise
  • For significant vulnerabilities: Monetary rewards (evaluated case-by-case)

Legal Safe Harbor

We will not pursue legal action against researchers who:

  • Follow this responsible disclosure policy
  • Act in good faith
  • Do not violate any applicable laws
  • Do not access or modify user data without authorization

Contact

For security-related inquiries:

  • Email: [email protected]
  • Company: XBMS B.V.
  • Location: Amsterdam, Netherlands
  • KvK Number: 82869022

Thank you for helping us keep Enydea secure!