Responsible Disclosure Policy
Last Updated: September 20, 2025
At Averlon, the security of our products and systems is one of our highest priorities. We recognize that vulnerabilities can happen, and we appreciate reports that help us improve security for everyone.
If you discover a potential vulnerability in our product, please notify us immediately at security@averlon.io so we can investigate and remediate it as quickly as possible.
Our Commitment
When you submit a report, we will:
- Respond within 5 business days.
- Not take legal action against you for responsible disclosure.
- Handle your report with strict confidentiality and not share your personal details without consent.
- Keep you informed of our progress until resolution.
Scope
- This policy applies to vulnerabilities discovered in Averlon’s products and systems.
- Please avoid any activity that could disrupt our services, compromise user data, or impact availability.
Important Notes
- We currently do not run a bug bounty program.
- This policy does not apply to reports that include demands for compensation or threats of uncoordinated disclosure.
We strive to work with the security community in good faith and resolve issues as quickly and transparently as possible.
Contact Information
If you have any questions, comments or concerns, please email us at security@averlon.io or write to us at:
Averlon, Inc.
8201 164th Ave NE, Suite 200
Redmond, WA, 98052