Security

Responsible Vulnerability Disclosure Policy

Our Commitment to Security

At Solex, we take the security of our platform and our users' data seriously. We appreciate the security research community's efforts in helping us maintain a secure environment.

This page outlines how to responsibly report security vulnerabilities and our commitment to working with researchers.

How to Report a Vulnerability

If you believe you've discovered a security vulnerability in Solex, please report it to us as soon as possible.

Email Us

Send details to: support@solex.dev

Use subject: "Security Vulnerability Report"

Response Time

We aim to respond within 48 hours. For urgent issues, we'll prioritize accordingly.

What to Include in Your Report

To help us understand and reproduce the issue quickly, please include:

  • Description: Clear explanation of the vulnerability
  • Impact: What could an attacker do with this?
  • Steps to Reproduce: Detailed steps we can follow
  • Proof of Concept: Screenshots, code snippets, or videos
  • Your Environment: Browser, OS, versions if relevant
  • Your Contact Info: How we can reach you for updates

Safe Harbor

We support good-faith security research. If you follow these guidelines, we will not pursue legal action:

  • Report vulnerabilities privately before public disclosure
  • Give us reasonable time to fix the issue before going public
  • Avoid accessing or modifying user data without permission
  • Do not perform actions that could harm our users or services
  • Test only on your own accounts when possible

We will work with you in good faith to understand and resolve the issue quickly.

Our Disclosure Process

When you report a vulnerability, here's what happens:

  1. Acknowledgment (48 hours): We'll confirm receipt and assign a team member to investigate
  2. Assessment (3-5 days): We'll validate the issue and determine severity
  3. Resolution (Varies by severity): Critical: 24-48 hours | High: 1 week | Medium/Low: 2-4 weeks
  4. Disclosure: Once fixed, we'll work with you on coordinated disclosure timing

Out of Scope

The following are generally not considered security vulnerabilities:

  • Issues in third-party services we integrate with (report to them directly)
  • Social engineering attacks
  • Physical attacks against our infrastructure
  • Denial of Service (DoS) attacks
  • Spam or social network features (e.g., Twitter integration)
  • Reports from automated scanning tools without validation
  • Issues requiring unlikely user interaction

Hall of Fame

Thank You to Our Researchers

We're grateful to the security researchers who have helped make Solex more secure. With your permission, we'll list researchers who report valid vulnerabilities here.

No researchers listed yet. Be the first!

PGP Key

For highly sensitive vulnerability reports, we will provide a PGP key upon request. Contact us at support@solex.dev to receive our public key.

Security Best Practices

In addition to welcoming vulnerability reports, we follow these security practices:

  • Encryption in transit (HTTPS/TLS)
  • Encryption at rest for sensitive data
  • Regular security audits and updates
  • Secure authentication (OAuth, magic links)
  • Access controls and monitoring
  • GDPR and UK data protection compliance

Contact Us

Security Reports: support@solex.dev

General Inquiries: support@solex.dev

Operated by: Fabian Martin trading as Solex