Last updated: July 1, 2026
At Norveth, we consider the security of our systems and our users' data to be of paramount importance. We actively encourage security researchers to help us improve our posture by reporting potential vulnerabilities.
We will not initiate legal action against security researchers who discover and report vulnerabilities in accordance with this policy. We consider activities conducted consistent with this policy to constitute "authorized" conduct.
If you believe you've found a security vulnerability in our platform, please notify us immediately by emailing security@norveth.app.
norveth.app and subdomainsapi.norveth.app)The following issues are considered out of scope and are not eligible for reporting under this program:
We strive to acknowledge receipt of all vulnerability reports within 48 hours. Once validated, we will keep you informed of our progress as we develop and deploy a patch.