invokable GmbH builds and operates a large number of different technical systems on the Internet. We are very security-conscious and attach great importance to the topic of security. However, we are totally aware that perfect security does not exist. That said, we expect our systems to have security vulnerabilities and are constantly trying to find them.

So, if you have found a security vulnerability, there are a few things that we want to tell you / ask you for:

• We kindly ask you to follow a coordinated, responsible disclosure process.
• Please tell us about your findings. Therefore you can reach out to us via security@invokable.gmbh.
  Please give as much detail as possible (e.g. Screenshots, exact error messages etc.)
• We will take your message confidentially and seriously.
• We will try our best to not initiate a complaint to law enforcement or pursue a civil action against you, as long as you are behaving responsible and professional. This means, that we expect you to submit a vulnerability, give us time to fix it before making it public and that you will not use the vulnerability to willfully access, manipulate or even store data that is not intended for you. We also expect you to respect other peoples privacy and do not disrupt our services.
• At the moment we do not offer an official bug bounty programme. Thus we cannot officially authorize you to test our systems. In most cases you should not expect us to pay rewards for submitted vulnerabilities.
• We believe that the internet will become a better place if people are taking security seriously. This means that we will also behave responsibly and proactively submit found vulnerabilities free-of-charge to other developers.

A big thank you from our whole team for following these rules and for submitting a vulnerability.