Responsible disclosure

We welcome reports from security researchers who help us keep our customers’ data and systems safe. If you believe you have found a vulnerability in any Filix-operated system, please tell us.

How to report

Email security@filix-it.com. PGP encryption available on request. We acknowledge reports within five business days.

Scope

• filix-it.com (this website) and any subdomains we operate.
• Any software components we publish under the Filix name.

Out of scope

• Third-party services we use — please report to them directly.
• Social-engineering attacks against our staff.
• Physical attacks against our offices.

Safe harbour

We will not pursue legal action against researchers who act in good faith, follow this policy, do not access more data than necessary to demonstrate the issue, and give us a reasonable opportunity to remediate before public disclosure.