Vulnerability Disclosure

Found something? We want to hear it.

We’re a security company. Holding ourselves to the standard we ask of others means making it easy and safe to report a flaw.

How to report

Email security@antrixis.com with enough detail to reproduce the issue — affected endpoint or component, steps, and impact. Encrypted reports are welcome; request our PGP key in your first message.

Our commitment to you

  • We acknowledge new reports within two business days.
  • We’ll keep you updated as we triage, validate, and remediate.
  • We won’t pursue legal action for good-faith research under this policy.
  • With your permission, we’ll credit you once a fix has shipped.

Safe harbor

Research conducted in line with this policy is considered authorized. We will not initiate or support legal action against researchers for accidental, good-faith violations. If in doubt about whether an action is permitted, ask us first.

Please do

  • Test only against accounts and assets you own or are explicitly permitted to.
  • Give us reasonable time to remediate before any public disclosure.
  • Stop and report immediately if you encounter customer data.

Please don’t

  • Access, modify, or exfiltrate data that isn’t yours.
  • Degrade service — no denial-of-service, spam, or social engineering.
  • Disclose the issue publicly before we’ve had a chance to fix it.

Scope

Our production application and public marketing site are in scope. Third-party services we rely on are governed by their own programs. When in doubt, email us and we’ll clarify.

Reporting something time-sensitive?

Email security@antrixis.com directly — it routes straight to our security team.