Response SLA
Leadership reply within 24 hoursDelivery Regions
USA, Spain, India, Ecuador, and global remoteEngagement Control
NDA-first, written authorization requiredControl Alignment
Mapped to SOC 2, ISO 27001, PCI DSS, HIPAAPolicy
Responsible disclosure policy.
We welcome responsible reports and coordinate remediation with clear communication and safety controls.
Where to report
Email security@codevertex.io with reproduction steps, impact estimate, and evidence.
Safe harbor expectations
Only non-destructive testing, no privacy violation, no service disruption, and no unauthorized data access.
Response timeline
Acknowledgement within 24 hours, triage in 3 business days, and remediation coordination thereafter.
Disclosure coordination
Please allow sufficient remediation time before public disclosure; we provide status updates throughout.
Out of scope activities
No social engineering
Do not target employees, partners, or clients through phishing/vishing.
No denial of service
Do not execute stress or disruption testing on production services.
No data exfiltration
Do not access, copy, or expose sensitive information.