Elementrica
03Case Studies04References05Company06News07Contact
PLENDE

Responsible Disclosure

Last updated: Jul 5, 2026

Security is our daily work, so we take it seriously at home too. If you find a vulnerability in our systems, we want to hear about it. Here we describe how to report it safely and what you can expect from us.

How to report a vulnerability

Write to us at contact@elementrica.com. You will also find the security team’s contact details in machine-readable form in our security.txt file.

In your report, briefly describe: what the vulnerability concerns, how to reproduce it (step by step) and what impact it may have. Attach proof (for example a screenshot or request), but without unnecessary access to data.

Scope

These rules apply to services and systems owned by Elementrica, including this site. If you are not sure whether a given resource belongs to us, ask before you start testing.

Rules for safe testing

So that your actions are safe for both sides, stick to a few rules. Please:

  • act in good faith and only within the scope needed to demonstrate the vulnerability,
  • do not access, modify or delete other people’s data,
  • do not run availability attacks (DoS/DDoS) or performance tests,
  • do not use social engineering against our employees, clients or contractors,
  • do not use the vulnerability beyond what is necessary to confirm it,
  • give us a reasonable time to fix it before you disclose details publicly.

Our commitments

In return, we commit to:

  • keep you informed of progress in the analysis and fix,
  • not take legal action against people acting in good faith and in line with these rules,
  • thank the author of the report, if they agree to it.

What we do not treat as a vulnerability

We usually do not qualify reports concerning only:

  • missing security headers without a demonstrated real impact,
  • automated scanner results without confirmation that they can be exploited,
  • purely theoretical issues or ones that require unlikely conditions.