Skip to content
Intrudify
Home Platform Services Company
FAQs Blog Case Studies Security
Contact

Security

Vulnerability Disclosure Policy

Last updated: 4 June 2026

Intrudify welcomes reports of security vulnerabilities in our systems from the security research community. This policy explains how to report a vulnerability to us, what you can expect from us, and the conditions under which we will not pursue legal action against good-faith research.

1. How to report

  • Email: [email protected]
  • Machine-readable contact: https://intrudify.com/.well-known/security.txt (RFC 9116)

Please include a description of the vulnerability, the affected URL/endpoint or component, steps to reproduce (proof-of-concept), and the potential impact. Encrypted email is available on request.

Please do not include third-party data or our customers' data in your report. If you encounter such data, stop and tell us immediately.

2. Our commitment to you

When you submit a report in good faith:

  • We will acknowledge receipt within 48 hours (business hours, en/ro).
  • We will provide an initial assessment and triage outcome, and keep you informed of remediation progress for valid findings.
  • We will handle your report confidentially and will not share your details with third parties without your consent, except as required by law.
  • We will credit you (with your permission) once a fix is deployed. A public acknowledgments page may be published at a later date.

Intrudify does not currently operate a paid bug-bounty programme. Reports are handled on a responsible-disclosure basis.

3. Scope

In scope: intrudify.com and its application subdomains, and the Intrudify SaaS platform that we operate.

Out of scope (do not test):

  • Customer environments, customer-supplied targets, or any system you scanned through the Intrudify product. Findings about a customer's own assets must go to that customer, not to Intrudify.
  • Denial-of-service (DoS/DDoS), volumetric, or load/stress testing.
  • Social engineering, phishing of staff or customers, and physical attacks.
  • Automated scanning that degrades service availability.
  • Reports from automated tools without a demonstrated, exploitable impact.

4. Safe harbour (good-faith research)

If you make a good-faith effort to comply with this policy during your research, Intrudify will:

  • not initiate or recommend legal action against you for accidental, good-faith violations of this policy;
  • consider your research to be authorised under applicable computer-misuse laws to the extent that this policy permits;

provided that you: stay within the scope above; do not access, modify, exfiltrate, or destroy data beyond the minimum necessary to demonstrate a vulnerability; do not intentionally degrade our services; and give us a reasonable period to remediate before any public disclosure (we request coordinated disclosure - see section 5). This safe harbour does not apply to actions that violate applicable law independently of this policy.

5. Coordinated disclosure

We ask that you give us a reasonable opportunity to remediate before publicly disclosing a finding. We aim to remediate critical issues within 48 hours and high-severity issues within 7 days. We are happy to coordinate a mutually agreed public disclosure timeline with you.

6. Contact

Questions about this policy or a report? Email [email protected].

This document is provided for general information. It is the public counterpart to Intrudify's internal vulnerability-management and incident-response processes.

Intrudify © 2026 Intrudify. All rights reserved.

Product

  • Platform
  • Services
  • FAQs
  • Book a demo

Company

  • About
  • Blog
  • Case Studies
  • Security
  • Contact

Legal

  • Privacy Policy
  • Terms of Service
  • Acceptable Use

Connect

  • Contact us
  • LinkedIn
  • GitHub