Security
Veylance takes the security of our platform and customer data seriously. We welcome responsible disclosure of vulnerabilities from security researchers and the broader community.
Responsible Disclosure
If you believe you have found a security vulnerability in Veylance, please report it to us. We ask that you:
- Provide sufficient detail to reproduce the vulnerability
- Allow reasonable time for us to investigate and address the issue before public disclosure
- Avoid accessing or modifying customer data during your research
- Act in good faith to avoid disruption to our services
How to Report
Email us at:
[email protected]Our machine-readable disclosure policy is available at /.well-known/security.txt.
What to Expect
- Acknowledgment — We will acknowledge your report within 48 hours
- Assessment — Our security team will triage and assess the severity of the issue
- Resolution — We will work to remediate confirmed vulnerabilities promptly and keep you informed of progress
- Recognition — With your permission, we will credit you for your discovery
Security Practices
Veylance maintains a security program that includes:
- Encryption of data in transit (TLS 1.2+) and at rest
- Role-based access controls and multi-tenant data isolation
- Regular security assessments and dependency audits
- Content Security Policy (CSP) headers and secure session management
- SOC 2 Type II compliance program