Vulnerability Disclosure Policy

We take the security of our systems seriously, and we value the security community. The disclosure of security vulnerabilities helps us ensure the security and privacy of our users.

We require that all researchers:

If you follow these guidelines when reporting an issue to us, we commit to:

Out of scope

The following potential issues are not considered in scope:

Things we do not want to receive:

Forbidden actions:

How to report a security vulnerability?

If you believe you’ve found a security vulnerability in one of our products or platforms please send it to us by emailing [email protected].

Please include the following details with your report:

If you’d like to encrypt the information, please use our [PGP key].

Note: We do not currently offer bounties or other rewards for submitted vulnerability reports.

Please note that we will be processing your data in connection with your report and our internal processes.

For more details about how we process your personal data, please read our Web Privacy Notice

If you wish to report the issue anonymously, please state this in your communication, and we will not contact you or retain your personal information.

ISO/IEC 27001 logo
Aicpa logo
GDPR compliant logo
OWASP logo

We build security to our products and organisation from the start. We use security best practices (incl. ISO 27001, CIS etc.) to ensure that our security management system meets the highest standards.

Salv has an ISO/IEC 27001: 2022 certificate, as well as ISAE 3000 compliant SOC 2 Type 2 report.