Security & Responsible Disclosure
ApeTec Ltd takes a practical, risk-based approach to protecting our website, systems, and communications.
1. Security controls
- HTTPS is enforced via Vercel for website traffic.
- Basic rate limiting is implemented on public form endpoints.
- Contact form delivery uses a secure email provider (Postmark).
- Communications integrations may use providers such as Twilio where applicable.
- Least-privilege access controls and routine platform updates are applied.
2. Responsible disclosure
If you discover a potential vulnerability, please report it privately to hello@apetec.co.uk with sufficient detail to reproduce the issue.
3. Disclosure expectations
- Do not exploit vulnerabilities beyond verification.
- Do not access, alter, or exfiltrate data without explicit permission.
- Do not perform disruptive testing or denial-of-service activity.
- Allow reasonable time for investigation and remediation before public disclosure.
4. Scope and limitations
This page is a summary and does not constitute a bug bounty programme or contractual security commitment.