About 2 minutes

Responsible Disclosure

Last updated: 2025-06-20

At Innico, we take the security of our systems and data seriously. We recognize the important role that security researchers and ethical hackers play in identifying vulnerabilities.

If you discover a security issue in our systems, we ask that you responsibly disclose it to us so we can address it quickly.

How to Report

  • Send your report to: security@innico.nl
  • Include a clear description of the vulnerability, steps to reproduce it, potential impact, and the date and time of discovery.
  • We will handle your report with strict confidentiality and will not share your personal details with third parties without your permission.
  • You may report anonymously if you prefer.

Guidelines

  • Do not exploit the vulnerability beyond what is necessary to demonstrate it.
  • Do not access, modify, or delete data that does not belong to you.
  • Brute-force attacks and other automated scanning intended to overload systems are not permitted.
  • Do not disrupt our services (e.g., DoS attacks).
  • Do not attempt physical security attacks, social engineering, spam, or abuse of third-party applications or services.
  • Delete any confidential data obtained during your research once the issue has been resolved.
  • Do not share the vulnerability publicly before we’ve had a reasonable chance to fix it.

What You Can Expect

  • We will acknowledge your report within 5 business days.
  • We will provide updates as we investigate and fix the issue.
  • We will notify you once the issue is resolved.
  • With your permission, we may credit you on our site for your contribution.
  • Depending on the severity of the issue and the quality of your report, we may offer a reward (non-monetary or monetary) as a token of appreciation.

Safe Harbor

If you follow this policy in good faith:

  • We will not take legal action against you.
  • We consider your research authorized for the purposes of applicable computer misuse laws.
  • If there are indications of criminal intent or abuse, we reserve the right to report this to the authorities.

For standardized contact details, please also see our security.txt .