Responsible disclosure
If you identify a potential security issue, report it through the process below so we can triage and coordinate remediation.
Intake channel
- Email: security@velikey.com
- Include affected endpoint, reproduction steps, impact, and proof-of-concept artifacts.
- Do not include sensitive customer data in reports.
Triage SLA targets
- Acknowledgement target: within 2 business days.
- Initial severity assessment target: within 5 business days.
- Status update target for active investigations: at least every 7 calendar days.
Targets are operational goals, not contractual commitments.
Safe harbor (good-faith testing)
We support good-faith security research intended to improve security. For activity that remains within this policy, avoids privacy harm, and does not disrupt service availability, we intend to work collaboratively toward remediation.
This statement does not modify legal rights or obligations under applicable law or agreements.
Testing boundaries
- Do not exfiltrate, alter, or destroy customer or production data.
- Do not execute denial-of-service or volumetric stress testing without prior written approval.
- Do not perform social engineering against customers, partners, or employees.