Security & vulnerability disclosure

We take the security of Hivanced and our customers’ data seriously. If you believe you have found a security vulnerability, we want to hear from you. This page describes how to report it and what you can expect in return.

Report a vulnerability

Email [email protected]. Our machine-readable policy is published at /.well-known/security.txt per RFC 9116.

How to report

Email our security team
Send a detailed report to [email protected]. Encrypt sensitive details if you can; otherwise plain email is accepted.
Describe the issue
Include the affected endpoint or page, reproduction steps, the impact you observed, and any proof-of-concept. Clear steps speed up triage.
Give us time to fix
We acknowledge reports within 3 business days and aim to remediate validated issues before any public disclosure. Please coordinate timing with us.

Scope

In scope

hivanced.com and www.hivanced.com
api.hivanced.com (public API surface)
The authenticated Hivanced platform

Out of scope

Volumetric denial-of-service (DoS / DDoS) and traffic flooding
Social engineering, phishing, or physical attacks against staff or facilities
Reports from automated scanners with no demonstrated, exploitable impact
Third-party services and co-tenant sites that are not operated by Hivanced

Safe harbour

We will not pursue or support legal action against researchers who report vulnerabilities in good faith, act in accordance with this policy, avoid privacy violations and data destruction, and give us a reasonable window to remediate before public disclosure. If in doubt about whether an action is acceptable, contact us first.

What to expect

Acknowledgement of your report within 3 business days.
An assessment and remediation plan for validated issues.
Coordination on disclosure timing before anything is made public.

See also our Privacy Policy and Data Processing Agreement.

Security & vulnerability disclosure

Report a vulnerability

Email [email protected]. Our machine-readable policy is published at /.well-known/security.txt per RFC 9116.

How to report

Email our security team
Send a detailed report to [email protected]. Encrypt sensitive details if you can; otherwise plain email is accepted.
Describe the issue
Include the affected endpoint or page, reproduction steps, the impact you observed, and any proof-of-concept. Clear steps speed up triage.
Give us time to fix
We acknowledge reports within 3 business days and aim to remediate validated issues before any public disclosure. Please coordinate timing with us.

Scope

In scope

hivanced.com and www.hivanced.com
api.hivanced.com (public API surface)
The authenticated Hivanced platform

Out of scope

Volumetric denial-of-service (DoS / DDoS) and traffic flooding
Social engineering, phishing, or physical attacks against staff or facilities
Reports from automated scanners with no demonstrated, exploitable impact
Third-party services and co-tenant sites that are not operated by Hivanced

Safe harbour

What to expect

Acknowledgement of your report within 3 business days.
An assessment and remediation plan for validated issues.
Coordination on disclosure timing before anything is made public.

See also our Privacy Policy and Data Processing Agreement.

Security & vulnerability disclosure

Report a vulnerability

How to report

Email our security team

Describe the issue

Give us time to fix

Scope

In scope

Out of scope

Safe harbour

What to expect

Security & vulnerability disclosure

Report a vulnerability

How to report

Email our security team

Describe the issue

Give us time to fix

Scope

In scope

Out of scope

Safe harbour

What to expect