We value the security of our systems, services, and users. If you discover a security vulnerability in any Sipylus product, service, or infrastructure, we encourage you to report it to us responsibly.
- Contact: security@sipylus.com
- Encryption: Use our public PGP key
- Preferred language: English
Please provide as much detail as possible, including:
- The affected product, service, or domain
- Steps to reproduce the vulnerability
- Any potential impact you foresee
- Your preferred contact method (optional if you wish to remain anonymous)
- We will acknowledge receipt of your report within 72 hours.
- We will keep you informed of our remediation progress.
- We will credit you on our Acknowledgments page if you wish.
- We will not take legal action against researchers who report issues in good faith, following this policy.
This policy applies to all Sipylus-owned domains, services, and infrastructure unless explicitly excluded. If you are unsure whether a system is in scope, please ask first.
- Denial-of-service (DoS) or spam-related issues without a demonstrable security impact
- Social engineering attacks against Sipylus employees, contractors, or users
- Physical attacks on Sipylus offices or data centers
We are committed to fixing verified vulnerabilities in a timely manner and improving the security of our products and services. This policy reflects our dedication to collaboration with the security community.