We value the security of our systems, services, and users. If you discover a security vulnerability in any Sipylus product, service, or infrastructure, we encourage you to report it to us responsibly.

How to Report

• Contact: security@sipylus.com
• Encryption: Use our public PGP key
• Preferred language: English

What to Include

Please provide as much detail as possible, including:

• The affected product, service, or domain
• Steps to reproduce the vulnerability
• Any potential impact you foresee
• Your preferred contact method (optional if you wish to remain anonymous)

What You Can Expect

• We will acknowledge receipt of your report within 72 hours.
• We will keep you informed of our remediation progress.
• We will credit you on our Acknowledgments page if you wish.
• We will not take legal action against researchers who report issues in good faith, following this policy.

Scope

This policy applies to all Sipylus-owned domains, services, and infrastructure unless explicitly excluded. If you are unsure whether a system is in scope, please ask first.

Out of Scope

• Denial-of-service (DoS) or spam-related issues without a demonstrable security impact
• Social engineering attacks against Sipylus employees, contractors, or users
• Physical attacks on Sipylus offices or data centers

Our Commitment

We are committed to fixing verified vulnerabilities in a timely manner and improving the security of our products and services. This policy reflects our dedication to collaboration with the security community.

Updated by The Sipylus Legal Team on January 1, 2016.