Responsible Disclosure

Report a vulnerability

We take security seriously and value the work of researchers who help us keep our platform and customers safe. If you have found a vulnerability, we want to hear from you.

Our Policy

Disclosure guidelines

Scope

Our production applications, APIs, and infrastructure at archaeoon.com and associated subdomains.

Response Time

We acknowledge all reports within 24 hours and aim to provide an initial assessment within 5 business days.

Safe Harbour

We will not pursue legal action against researchers who act in good faith and follow this policy.

Confidentiality

We ask that you do not publicly disclose the vulnerability until we have had reasonable time to address it.

Recognition

With your permission, we will credit you publicly for verified vulnerabilities in our security advisories.

Out of scope

  • Denial of service (DoS/DDoS) attacks
  • Social engineering or phishing of employees
  • Physical security attacks
  • Automated scanning without prior coordination
  • Vulnerabilities in third-party services we do not control

Submit a Report

Report a vulnerability

All reports are handled confidentially. We will never share your information without your consent.