Responsible Disclosure Policy

Last updated: April 1, 2025

Acceza Technology is committed to ensuring the safety and security of our customers and staff. We take security seriously and welcome reports of potential vulnerabilities. If you discover a security issue, we encourage responsible disclosure by following these guidelines:

Reporting a Vulnerability

  • Contact: security@accezatech.com
  • PGP Key: https://www.accezatech.com/.well-known/pub.asc
  • Preferred Format: Please include a clear description of the issue, steps to reproduce, and any supporting materials such as logs or screenshots.
  • Scope: Reports should focus on vulnerabilities that could impact the confidentiality, integrity, or availability of our systems, applications, or user data.

Our Commitment

  • Acknowledgment: We aim to acknowledge reports within 48 hours and will provide periodic updates on the resolution status.
  • Resolution Timeline: Depending on the severity, we strive to address critical vulnerabilities as quickly as possible.
  • Non-Retaliation: We will not pursue legal action against security researchers acting in good faith and following responsible disclosure practices.
  • Recognition: While we do not offer monetary rewards or swag, we appreciate responsible disclosures and may recognize contributors through a Hall of Fame page, a Certificate of Appreciation, or a private acknowledgment.

Responsible Disclosure Guidelines

  • Do not exploit vulnerabilities beyond what is necessary for proof-of-concept.
  • Do not access, modify, or delete user data without explicit authorization.
  • Do not publicly disclose vulnerabilities before we have had an opportunity to address them.