2 min read

Responsible Disclosure

Last updated: 20 June 2025

At Innico, we take the security of our systems and data seriously. We recognise the important role that security researchers and ethical hackers play in identifying vulnerabilities.

If you discover a security issue in our systems, we ask that you responsibly disclose it to us so we can address it quickly.

How to Report

  • Send your report to: security@innico.nl
  • Include a clear description of the vulnerability, steps to reproduce it, potential impact, and the date and time of discovery.
  • We will handle your report with strict confidentiality and will not share your personal details with third parties without your permission.
  • You may report anonymously if you prefer.

Guidelines

  • Do not exploit the vulnerability beyond what is necessary to demonstrate it.
  • Do not access, modify, or delete data that does not belong to you.
  • Brute-force attacks and other automated scanning intended to overload systems are not permitted.
  • Do not disrupt our services (e.g., DoS attacks).
  • Do not attempt physical security attacks, social engineering, spam, or abuse of third-party applications or services.
  • Delete any confidential data obtained during your research once the issue has been resolved.
  • Do not share the vulnerability publicly before we’ve had a reasonable chance to fix it.

What You Can Expect

  • We will acknowledge your report within 5 business days.
  • We will provide updates as we investigate and fix the issue.
  • We will notify you once the issue is resolved.
  • With your permission, we may credit you on our site for your contribution.
  • Depending on the severity of the issue and the quality of your report, we may offer a reward (non-monetary or monetary) as a token of appreciation.

Safe Harbor

If you follow this policy in good faith:

  • We will not take legal action against you.
  • We consider your research authorised for the purposes of applicable computer misuse laws.
  • If there are indications of criminal intent or abuse, we reserve the right to report this to the authorities.

For standardised contact details, please also see our security.txt.