Responsible Disclosure Policy

ENGINYRING Europe SRL | rev. 1.1
Updated 04.08.2025

At ENGINYRING, we consider the security of our systems a top priority. We encourage security researchers to identify and report potential vulnerabilities in our systems. This policy outlines the rules for conducting security research on our systems and how to report your findings. By submitting a report to us, you agree to be bound by the terms of this policy.

1. Scope

This policy applies to all digital assets owned and operated by ENGINYRING, including the following domains and their subdomains:

  • enginyring.com

Any service not expressly listed is excluded from scope.

2. Rules of Engagement

To remain in compliance with this policy, you must adhere to the following rules at all times:

  • Do not engage in any activity that could cause disruption or degradation to our services or our users. This includes, but is not limited to, social engineering, spam, and denial of service (DoS or DDoS) attacks.
  • Do not access, modify, or exfiltrate any data that does not belong to you. If you accidentally access non-public data, you must stop immediately and report this in your submission.
  • Do not reveal the vulnerability to any third party until we have confirmed it has been resolved.
  • Provide detailed, reproducible steps in your report. A report that is not detailed enough to be reproduced may be closed without further action.
  • You must act in good faith and not for personal gain.

3. How to Report a Vulnerability

Please submit your findings through our secure Support Ticket System. If you are unable to use the ticket system, you may email your findings to contact [at] enginyring [dot] com, using PGP encryption where possible.

4. Conditional Safe Harbor

If you conduct your security research in good faith and in full compliance with this policy, we commit to the following:

  • We will not initiate legal action against you for your research activities.
  • We will work with you to understand and resolve the issue quickly.
  • We will handle your report with strict confidentiality.

This safe harbor is void if you fail to comply with any part of this policy.

5. No Compensation

We do not offer a bug bounty program and are not obligated to provide any compensation for submitted reports. Any rewards are provided at our sole and absolute discretion. You explicitly waive any claim for compensation by submitting a report.