Responsible disclosure
Solvren values responsible security research and clear communication. If you believe you have found a vulnerability in a Solvren-controlled system, please report it through the process below.
Scope. Reports should concern Solvren-controlled websites, applications, APIs, or infrastructure. Please do not access customer data without authorization, disrupt production systems, perform destructive testing, attempt persistence, or conduct social engineering against Solvren personnel, customers, or partners.
How to report. Email security@solvren.com with a clear description, steps to reproduce, affected URLs or assets, expected impact, and any supporting evidence. Please minimize sensitive data in your report. If encryption is needed, we can provide a key on request.
What to expect. We aim to acknowledge valid reports promptly, investigate in good faith, and coordinate remediation based on severity and risk. We do not operate a public bug bounty program at this time, and compensation is not guaranteed.
Safe harbor intent. We will not pursue legal action against researchers who act in good faith, avoid privacy violations and service disruption, and follow this disclosure process.
For general security and trust information, see the Trust Center and Security Baseline.