Overview
At Edovia, security is a priority, and we welcome responsible reports of vulnerabilities from security researchers and the public. If you believe you've found a security issue, privacy concern, or exposed data in our products or services, we encourage you to share it with us. This document outlines how to report security issues, our commitments, and expectations.
Scope
This policy applies to:
- Edovia software and products
- Edovia-operated services and infrastructure
- Documentation related to our products
Exclusions
The following types of reports are outside the scope of this policy:
- Physical security concerns (e.g., office access, unauthorized entry)
- Social engineering attacks (e.g., phishing, impersonation attempts)
- Issues in systems not explicitly listed in the Scope section
- Cosmetic issues (e.g., UI/UX bugs without security impact)
- Typographical errors
- Denial of Service (DoS/DDoS) vulnerabilities
- Third-party services not managed by Edovia
If you discover an issue in an out-of-scope system, we encourage you to report it to the appropriate vendor or organization.
What You Can Expect from Us
When you report a valid security issue in good faith, we will:
- Acknowledge your report and begin assessment as quickly as possible
- Keep you informed about the status of your report while it is under review
- Work to resolve security vulnerabilities based on their severity and impact
- Provide Safe Harbor protection when disclosure follows the guidelines in this policy
Responsible Disclosure Guidelines
To ensure a responsible and effective disclosure process, we ask that you:
- Follow this policy and any applicable terms when investigating security concerns
- Report findings promptly and avoid actions that could disrupt services or users
- Limit testing to what is necessary to demonstrate an issue
- Use official channels to communicate security concerns
- Give us a reasonable amount of time to address the issue before public disclosure
- Only test systems within scope and avoid any explicitly excluded targets
- Use test accounts that you own or have explicit permission to use
- Refrain from any actions that could be interpreted as extortion or demands for compensation
Reporting Security Issues
To report a security concern, please use the following official channel:
https://edovia.com/.well-known/security.txt
The more details you provide, the faster we can evaluate and address the issue.
Safe Harbor
If you conduct security research in good faith and in line with this policy, we will:
- Consider your research authorized under applicable anti-hacking laws
- Not pursue legal action for unintentional policy violations
- Not enforce anti-circumvention laws against your testing
- Treat your findings as an effort to improve security, not as a violation of our terms
If a third party takes legal action against you for research aligned with this policy, we will communicate that your actions followed responsible disclosure principles.
If you are unsure whether your testing aligns with this policy, please contact us before proceeding.
Note: Safe Harbor applies only to legal claims under Edovia’s control and does not extend to independent third parties.
Bounty Program
At this time, Edovia does not offer monetary bounties or rewards for vulnerability reports.