Vulnerability Disclosure Policy

Vulnerability Disclosure Policy

At Velory, we take security seriously. The trust of our customers depends on the security and integrity of our platform.



We welcome responsible security researchers to report potential vulnerabilities they discover. If you believe you have found a security issue in any of our systems, we encourage you to let us know as soon as possible following the guidelines below.

Guidelines

Make every effort to avoid privacy violations, service disruption, or destruction of data.
Only test against accounts you own or accounts explicitly authorized for testing.
Provide enough details to allow us to reproduce and validate the issue quickly.
Do not publicly disclose any vulnerability without our prior written consent.
We will investigate all legitimate reports and do our best to fix issues quickly. We are committed to being transparent and respectful throughout this process.
Out of Scope
Certain findings are considered out of scope, including but not limited to:
• Social engineering attacks (e.g., phishing employees).
• Denial of Service (DoS) attacks or automated scanning causing service disruption.
• Use of outdated browsers or unsupported platforms.
• Best practices recommendations without a demonstrable security impact.
While Velory is a growing company and cannot offer large financial rewards, we do offer:
• A small discretionary bounty for valid, previously unknown critical or high-severity issues.
• Public acknowledgment on our Security Hall of Fame (if desired).
• Our sincere thanks for helping keep our platform and customers safe.
• Rewards are determined based on the severity, impact, and quality of the report.

How to Report

Please send your findings to: security@velory.com

Include:
• A detailed description of the vulnerability.
• Steps to reproduce.
• Any relevant screenshots, logs, or proof-of-concept code.
• We aim to respond within 5 business days and will keep you updated throughout the investigation.
Thank you for helping us build a safer Velory!