Trust Center

Responsible disclosure policy

We welcome reports from security researchers acting in good faith and are committed to working with you to understand and resolve issues quickly.

Our commitment

If you believe you've found a security vulnerability in an Eiferone-owned system, we want to hear from you. We commit to acknowledging reports promptly, investigating in good faith, and keeping you informed of remediation progress.

Safe harbor

We will not pursue legal action against researchers who discover and report vulnerabilities in accordance with this policy, provided that you:

  • Make a good faith effort to avoid privacy violations, data destruction, and service disruption
  • Do not access, modify, or exfiltrate data beyond what is strictly necessary to demonstrate the vulnerability
  • Do not perform testing against third parties or their data
  • Give us reasonable time to investigate and remediate before public disclosure

Scope

This policy applies to systems and domains owned and operated by Eiferone. Third-party services we use, and systems belonging to our clients, are out of scope unless explicitly authorized in writing.

Out of scope issues

  • Denial of service (DoS/DDoS) testing
  • Social engineering of Eiferone employees or contractors
  • Physical security testing of Eiferone facilities
  • Reports generated purely from automated scanning without validation

How to report

See our Vulnerability Reporting page for the practical steps and what to include in your report.