Security

Security & responsible disclosure

We take the security of CRYPTAGION seriously — it is, after all, a security product. If you believe you have found a vulnerability, we want to hear from you.

Report a vulnerability: security@cryptagion.io
Machine-readable policy: /.well-known/security.txt

What to include

A clear description of the issue and its impact.
Steps to reproduce (proof-of-concept appreciated).
Affected component and version, if known.

Our commitment

We acknowledge reports within 5 business days.
We practise coordinated disclosure: we will work with you on a fix and a reasonable disclosure timeline.
Safe harbour: good-faith research conducted under this policy will not lead to legal action from us. Do not access data that is not yours, degrade services, or exfiltrate data.

Out of scope

Findings without a realistic security impact (e.g. missing best-practice headers on static pages, automated-scanner output without a working proof-of-concept, social engineering) are generally out of scope.

Security posture

For data handling, deployment and reversibility details for your procurement file:
Download the CRYPTAGION security posture (PDF) → · Deployment & data flow →

← Home