Security

Responsible Disclosure

If you have identified a potential vulnerability in Landvex systems, we want to hear from you. We take all reports seriously.

Report a vulnerability

Send details of the vulnerability to our security team. Include a clear description, reproduction steps, affected component, and potential impact. All reports are handled confidentially.

security@landvex.com PGP key available on request. Reference "PGP Request" in your subject line.
48h
Initial response
We acknowledge all reports within 48 hours of receipt.
7d
Triage update
Triage assessment and severity classification within 7 days.
90d
Disclosure window
We aim to remediate and disclose confirmed issues within 90 days.
Scope

The following are in scope for responsible disclosure:

  • www.landvex.com and all subdomains
  • The Landvex platform and API (api.landvex.com)
  • Intelligence product delivery infrastructure
  • Client dashboard and authentication systems

Third-party services integrated by Landvex are not in scope. Please report those directly to the respective vendor.

Safe harbour

No legal action against good-faith researchers

Landvex will not initiate legal proceedings against researchers who identify and report vulnerabilities in accordance with this policy. Good-faith research that avoids user data exposure, system disruption, or privacy violations is protected.

Confidential handling

We will not share your identity or contact details with any third party without your explicit consent, except where required by law.

What is excluded from safe harbour

Research that involves accessing, modifying, or exfiltrating client or user data; disrupting platform availability; or social engineering of Landvex staff is not covered and may be subject to legal consequences.

Hall of fame

Landvex publicly acknowledges researchers who responsibly disclose verified vulnerabilities. Recognition is made with the researcher's consent and listed on our Security page.

Landvex does not operate a formal bug bounty programme at this time. We are grateful to every researcher who contributes to the security of our platform and the integrity of the data we serve to clients.

Expectations for researchers
  • Report vulnerabilities promptly and do not exploit them beyond what is required to demonstrate the issue
  • Do not access, modify, or retain client or user data beyond what is incidentally accessed during testing
  • Do not conduct denial-of-service attacks, spam, or social engineering
  • Allow us reasonable time to respond and remediate before public disclosure
  • Act in good faith at all times