Responsible Disclosure Policy

Primary contact: security@scrypex.com

• We will acknowledge your report within 48 hours
• We will investigate and provide updates within 7 days
• We will not take legal action against good-faith researchers
• We will credit you in our security acknowledgments (if desired)
• We will work to fix confirmed vulnerabilities within 30 days

• scrypex.com and official SCRYPEX web properties
• SCRYPEX customer dashboard and authenticated APIs
• Authentication and authorization issues
• Data exposure vulnerabilities
• Injection vulnerabilities

• Social engineering attacks
• Physical security attacks
• Denial of service attacks
• Issues in third-party services we use
• Previously known vulnerabilities

We support safe, responsible security research. If you act in good faith, avoid privacy violations, avoid data destruction, and do not disrupt our services, we will not pursue legal action against you for your research.

Please give us a reasonable time to investigate and remediate before disclosing publicly, and do not access or modify data that does not belong to you.

See the Trust Center for data handling, core subprocessors, and DPA requests. For vulnerability reports and questionnaires, contact security@scrypex.com.