Security
Coordinated Vulnerability Disclosure
Effective 13 June 2026 · Last updated 13 June 2026
Security is our craft. We welcome reports from security researchers and treat them as partners. This policy explains how to report a vulnerability and what you can expect from us.
Scope
This policy covers our public web properties, including guardinotechnologies.com and guardino.ai, and our public-facing infrastructure.
Out of scope: third-party services we do not operate, volumetric denial-of-service testing, social-engineering of our staff or customers, and physical attacks.
How to report
Email [email protected] with a clear description, the steps to reproduce, affected URLs or endpoints, and any proof-of-concept. A machine-readable security.txt is published at /.well-known/security.txt.
Please give us a reasonable time to investigate and remediate before any public disclosure, and do not access, modify or exfiltrate data beyond the minimum needed to demonstrate the issue.
Safe harbour
If you make a good-faith effort to comply with this policy during your research, we will consider your activity authorised, will not pursue or support legal action against you, and will work with you to understand and resolve the issue quickly.
This authorisation does not extend to actions that violate the privacy of our users, destroy data, degrade our services, or break applicable law.
Our commitment
We aim to acknowledge reports within 3 business days, to provide a remediation timeline after triage, and to keep you informed through resolution.
We are happy to credit researchers who wish to be named. We do not currently operate a paid bug-bounty programme; this may change and will be announced here.
Contact
Security reports: [email protected]
Preferred languages: English, Turkish.