Security

Valisa is built with security in mind. We proactively invest time and resources in producing stable software. That includes protecting user data and keeping our dependencies safe.

We appreciate researchers who report genuine, reproducible vulnerabilities through responsible disclosure. In practice it means we need a reasonable amount of time to fix the issue before making it public (90 days). Please avoid accessing or altering user data.

As a small company, we do not offer bug bounties or any form of financial compensation. Requests for payment will not receive a response. Instead, Valisa will communicate disclosure, provide attribution and verbal gratitude for valid, responsibly disclosed reports via our public communication channels.

Please only report real, specific issues. Vague, template-based, or AI-generated reports will be disregarded. To report a security issue, contact us via email below.