Back to Home

Security Policy

Vulnerability Disclosure & Responsible Reporting

At Syntaxys Technologies, we take the security of our systems and our clients' data seriously. We appreciate the security community's efforts in responsibly disclosing vulnerabilities and helping us maintain the highest security standards.

Reporting a Vulnerability

If you believe you've found a security vulnerability in any Syntaxys Technologies system or application, please report it to us as described below.

Contact Information

What to Include in Your Report

To help us understand and address the issue quickly, please include:

  • Type of vulnerability (e.g., XSS, SQL injection, authentication bypass)
  • Full paths of source file(s) related to the vulnerability
  • Location of the affected source code (tag/branch/commit or direct URL)
  • Step-by-step instructions to reproduce the issue
  • Proof-of-concept or exploit code (if possible)
  • Impact of the issue, including how an attacker might exploit it
  • Any suggested remediation steps

Our Commitment

When you report a security issue, we commit to:

  • Acknowledge receipt of your vulnerability report within 48 hours
  • Provide regular updates on our progress addressing the vulnerability
  • Work with you to understand and validate the issue
  • Keep you informed of the fix and when it's deployed
  • Publicly acknowledge your responsible disclosure (if you wish)

Scope

In Scope

  • Syntaxys Technologies websites and web applications
  • Mobile applications developed by Syntaxys Technologies
  • APIs and backend services operated by Syntaxys Technologies

Out of Scope

  • Denial of Service (DoS/DDoS) attacks
  • Social engineering attacks against our employees or contractors
  • Physical security attacks against our offices or data centers
  • Third-party services and websites not controlled by Syntaxys Technologies

Safe Harbor

We consider security research conducted under this policy as:

  • Authorized concerning any applicable anti-hacking laws
  • Lawful and we will not initiate legal action against you
  • Conducted in good faith and we will work with you to understand and resolve the issue

As long as you comply with this policy, we will not:

  • Pursue legal action against you
  • Request law enforcement to investigate you

Responsible Disclosure Guidelines

To protect our users and systems, we ask that you:

  • Make every effort to avoid privacy violations, data destruction, and service disruption
  • Only interact with accounts you own or have explicit permission to access
  • Do not exploit a vulnerability beyond what is necessary to confirm its existence
  • Allow us a reasonable time to fix the issue before public disclosure
  • Do not publicly disclose the vulnerability until we've addressed it

Recognition

We value the security community's contributions and are happy to publicly acknowledge researchers who report valid vulnerabilities to us (if they wish to be acknowledged). We may also provide swag or other recognition for significant findings, at our discretion.

For any questions about this policy, please contact us at security@syntaxys.tech

Last updated: November 21, 2025