Responsible Disclosure Policy

Effective date: 03 February 2026

Last updated: 03 February 2026

1. Purpose

Netallion welcomes good-faith security research that improves safety for our users.

2. Reporting

Email: [email protected]

Include:

  • affected URL/service,
  • steps to reproduce,
  • expected vs actual behavior,
  • impact assessment,
  • minimal proof-of-concept (avoid sensitive data exposure).

3. Safe harbor (good-faith research)

We will not pursue legal action solely for good-faith research conducted under this policy when you:

  • avoid privacy violations and do not access more data than needed to demonstrate impact,
  • avoid service disruption (no DoS),
  • do not use social engineering,
  • give us a reasonable time to remediate before public disclosure.

4. Out of scope

  • denial-of-service testing,
  • phishing/social engineering,
  • physical attacks,
  • third-party systems not controlled by Netallion.

5. Response targets

We aim to:

  • acknowledge within 3 business days,
  • triage within 10 business days,
  • provide remediation updates as appropriate.

6. Recognition

We may offer public acknowledgement at our discretion, unless you request anonymity.
