Security Disclosure & Vulnerability Policy

Effective Date: 1, May, 2025

At Vuetra B.V. ("Vuetra", "we", "our", or "us"), we take the security of our systems and the trust of our users seriously. We are committed to protecting our platform, services, and data against unauthorized access, misuse, or abuse. This Security Disclosure and Vulnerability Policy outlines how security researchers and users may responsibly report vulnerabilities they discover in our platform, and how Vuetra responds to such reports.

Vuetra encourages responsible disclosure and cooperation in identifying and addressing potential security issues. We believe that open collaboration with the security community is essential to maintaining a safe and resilient service environment.

Purpose and Scope

This policy applies to any vulnerabilities discovered in Vuetra’s publicly accessible systems, including our main website at vuetra.com and workspace.vuetra.com, our mobile applications, our browser extension, and any related API or platform services. It is intended to provide a clear process for reporting security flaws, and to outline expectations for both reporters and Vuetra in handling those reports.

Reporting a Vulnerability

If you discover a potential security vulnerability, you are encouraged to report it to us directly and confidentially by emailing support@vuetra.com. Please include as much relevant detail as possible, such as a description of the issue, reproduction steps, potential impact, and any supporting screenshots or code samples. We request that reporters allow us a reasonable time period—typically 30 days—to investigate and address the issue before making it public.

Responsible Disclosure Principles

We expect all vulnerability reports to be made in good faith and in compliance with applicable laws. You must not attempt to exploit, use, or access any user data, interfere with platform functionality, or disrupt services while investigating a vulnerability. Reports that involve unauthorized access to accounts, data extraction, or real user disruption will not be considered responsible disclosures and may result in legal action.

Our Commitment to You

Vuetra will acknowledge valid reports within five business days of submission. We will investigate the issue and, where appropriate, work to remediate it. We will not take legal action against individuals who report vulnerabilities responsibly, act without malicious intent, and comply with the boundaries of this policy. We may publicly acknowledge your contribution if desired, and where applicable, include your name in a security credits list or “hall of fame” page.

Exclusions

We ask that reporters focus on meaningful and demonstrable vulnerabilities. The following issues are generally outside the scope of this policy: clickjacking on pages without sensitive content, disclosure of public files or metadata, use of outdated software libraries without an exploit path, missing best-practice headers with no security impact, or denial-of-service testing. We do not accept reports for third-party systems or services not operated directly by Vuetra.

No Bug Bounty Guarantee

While Vuetra greatly values responsible security research, this policy does not constitute a bug bounty program. We are not obligated to offer monetary rewards for disclosures. Should a formal bounty program be introduced in the future, its terms and eligibility requirements will be published separately.

Safe Harbor

We will not pursue legal action against individuals who report vulnerabilities responsibly and in accordance with this policy. This includes acting in good faith, avoiding harm to users or systems, not attempting extortion or leveraging discoveries for personal gain, and disclosing issues directly to Vuetra through the appropriate channels.

Changes to This Policy

Vuetra reserves the right to amend this Security Disclosure Policy at any time. Any updates will be published on this page and take effect immediately upon posting. We encourage users and researchers to review this policy periodically.

Vuetra Support Team

Email: support@vuetra.com

Registered Address: Nijverheidsstraat 7, 7772 TP Hardenberg, Netherlands

KVK (Chamber of Commerce) number: 94510288

BTW (VAT) number: NL866803762B01

Security Disclosure & Vulnerability Policy

Effective Date: 1, May, 2025

At Vuetra B.V. ("Vuetra", "we", "our", or "us"), we take the security of our systems and the trust of our users seriously. We are committed to protecting our platform, services, and data against unauthorized access, misuse, or abuse. This Security Disclosure and Vulnerability Policy outlines how security researchers and users may responsibly report vulnerabilities they discover in our platform, and how Vuetra responds to such reports.

Vuetra encourages responsible disclosure and cooperation in identifying and addressing potential security issues. We believe that open collaboration with the security community is essential to maintaining a safe and resilient service environment.

Purpose and Scope

This policy applies to any vulnerabilities discovered in Vuetra’s publicly accessible systems, including our main website at vuetra.com and workspace.vuetra.com, our mobile applications, our browser extension, and any related API or platform services. It is intended to provide a clear process for reporting security flaws, and to outline expectations for both reporters and Vuetra in handling those reports.

Reporting a Vulnerability

If you discover a potential security vulnerability, you are encouraged to report it to us directly and confidentially by emailing support@vuetra.com. Please include as much relevant detail as possible, such as a description of the issue, reproduction steps, potential impact, and any supporting screenshots or code samples. We request that reporters allow us a reasonable time period—typically 30 days—to investigate and address the issue before making it public.

Responsible Disclosure Principles

We expect all vulnerability reports to be made in good faith and in compliance with applicable laws. You must not attempt to exploit, use, or access any user data, interfere with platform functionality, or disrupt services while investigating a vulnerability. Reports that involve unauthorized access to accounts, data extraction, or real user disruption will not be considered responsible disclosures and may result in legal action.

Our Commitment to You

Vuetra will acknowledge valid reports within five business days of submission. We will investigate the issue and, where appropriate, work to remediate it. We will not take legal action against individuals who report vulnerabilities responsibly, act without malicious intent, and comply with the boundaries of this policy. We may publicly acknowledge your contribution if desired, and where applicable, include your name in a security credits list or “hall of fame” page.

Exclusions

We ask that reporters focus on meaningful and demonstrable vulnerabilities. The following issues are generally outside the scope of this policy: clickjacking on pages without sensitive content, disclosure of public files or metadata, use of outdated software libraries without an exploit path, missing best-practice headers with no security impact, or denial-of-service testing. We do not accept reports for third-party systems or services not operated directly by Vuetra.

No Bug Bounty Guarantee

While Vuetra greatly values responsible security research, this policy does not constitute a bug bounty program. We are not obligated to offer monetary rewards for disclosures. Should a formal bounty program be introduced in the future, its terms and eligibility requirements will be published separately.

Safe Harbor

We will not pursue legal action against individuals who report vulnerabilities responsibly and in accordance with this policy. This includes acting in good faith, avoiding harm to users or systems, not attempting extortion or leveraging discoveries for personal gain, and disclosing issues directly to Vuetra through the appropriate channels.

Changes to This Policy

Vuetra reserves the right to amend this Security Disclosure Policy at any time. Any updates will be published on this page and take effect immediately upon posting. We encourage users and researchers to review this policy periodically.

Vuetra Support Team

Email: support@vuetra.com

Registered Address: Nijverheidsstraat 7, 7772 TP Hardenberg, Netherlands

KVK (Chamber of Commerce) number: 94510288

BTW (VAT) number: NL866803762B01

Security Disclosure & Vulnerability Policy

Effective Date: 1, May, 2025

At Vuetra B.V. ("Vuetra", "we", "our", or "us"), we take the security of our systems and the trust of our users seriously. We are committed to protecting our platform, services, and data against unauthorized access, misuse, or abuse. This Security Disclosure and Vulnerability Policy outlines how security researchers and users may responsibly report vulnerabilities they discover in our platform, and how Vuetra responds to such reports.

Vuetra encourages responsible disclosure and cooperation in identifying and addressing potential security issues. We believe that open collaboration with the security community is essential to maintaining a safe and resilient service environment.

Purpose and Scope

This policy applies to any vulnerabilities discovered in Vuetra’s publicly accessible systems, including our main website at vuetra.com and workspace.vuetra.com, our mobile applications, our browser extension, and any related API or platform services. It is intended to provide a clear process for reporting security flaws, and to outline expectations for both reporters and Vuetra in handling those reports.

Reporting a Vulnerability

If you discover a potential security vulnerability, you are encouraged to report it to us directly and confidentially by emailing support@vuetra.com. Please include as much relevant detail as possible, such as a description of the issue, reproduction steps, potential impact, and any supporting screenshots or code samples. We request that reporters allow us a reasonable time period—typically 30 days—to investigate and address the issue before making it public.

Responsible Disclosure Principles

We expect all vulnerability reports to be made in good faith and in compliance with applicable laws. You must not attempt to exploit, use, or access any user data, interfere with platform functionality, or disrupt services while investigating a vulnerability. Reports that involve unauthorized access to accounts, data extraction, or real user disruption will not be considered responsible disclosures and may result in legal action.

Our Commitment to You

Vuetra will acknowledge valid reports within five business days of submission. We will investigate the issue and, where appropriate, work to remediate it. We will not take legal action against individuals who report vulnerabilities responsibly, act without malicious intent, and comply with the boundaries of this policy. We may publicly acknowledge your contribution if desired, and where applicable, include your name in a security credits list or “hall of fame” page.

Exclusions

We ask that reporters focus on meaningful and demonstrable vulnerabilities. The following issues are generally outside the scope of this policy: clickjacking on pages without sensitive content, disclosure of public files or metadata, use of outdated software libraries without an exploit path, missing best-practice headers with no security impact, or denial-of-service testing. We do not accept reports for third-party systems or services not operated directly by Vuetra.

No Bug Bounty Guarantee

While Vuetra greatly values responsible security research, this policy does not constitute a bug bounty program. We are not obligated to offer monetary rewards for disclosures. Should a formal bounty program be introduced in the future, its terms and eligibility requirements will be published separately.

Safe Harbor

We will not pursue legal action against individuals who report vulnerabilities responsibly and in accordance with this policy. This includes acting in good faith, avoiding harm to users or systems, not attempting extortion or leveraging discoveries for personal gain, and disclosing issues directly to Vuetra through the appropriate channels.

Changes to This Policy

Vuetra reserves the right to amend this Security Disclosure Policy at any time. Any updates will be published on this page and take effect immediately upon posting. We encourage users and researchers to review this policy periodically.

Vuetra Support Team

Email: support@vuetra.com

Registered Address: Nijverheidsstraat 7, 7772 TP Hardenberg, Netherlands

KVK (Chamber of Commerce) number: 94510288

BTW (VAT) number: NL866803762B01