Responsible Disclosure

Security is our core product. If you find a vulnerability in our systems, we want to know about it, and we want to fix it.

Contact: security@vantus.systems

Safe Harbor

Vantus Systems pledges not to initiate legal action against researchers for penetrating or attempting to penetrate our systems as long as they adhere to this policy.

Guidelines

  • Do not destroy or corrupt data.
  • Do not impact the availability of our services (no DDoS).
  • Do not access or exfiltrate customer data (use your own test accounts).
  • Give us reasonable time to remediate before public disclosure.

In Scope

  • *.vantus.systems
  • Trust Dashboard
  • Calculator Tools

Out of Scope

  • Social Engineering (Phishing) of employees.
  • Physical security of our offices.
  • Third-party services (e.g., AWS infrastructure itself).

Reporting

Please email security@vantus.systems with:

  1. Description of the vulnerability.
  2. Steps to reproduce.
  3. Proof of Concept (PoC) code or screenshots.

We will acknowledge receipt within 24 hours and provide an estimated timeline for triage.