# Disclosure Policy:
#
# We take the security of our systems seriously and appreciate reports of
# potential vulnerabilities.
#
# Reporting
# If you believe you have discovered a security vulnerability, please report
# it by email to:
#
#   security@lysa.se
#
# Please include sufficient details to allow us to understand and reproduce
# the issue on our systems. Reports should describe how the issue can be
# observed in practice in our environment, exact steps to reproduce, and the
# potential impact.
#
# No Bug Bounty
# We do not operate a bug bounty or reward program. However, we value
# responsible vulnerability disclosures and thank you for helping us improve
# our security.
#
# Responsible Disclosure Guidelines
# We ask that you:
# - Act in good faith.
# - Avoid actions that could harm users, data, or service availability.
# - Not access, modify, or exfiltrate any customer, personal or confidential
#   data, and immediately cease testing if such access occurs.
# - Not publicly disclose the vulnerability before we have had a reasonable
#   opportunity to investigate and remediate it.
#
# Our Commitment
# When a report is submitted in accordance with this policy, we will:
# - Acknowledge the report.
# - Investigate the issue and take appropriate remediation steps.
# - Communicate as needed during the process.

Contact: mailto:security@lysa.se
Preferred-Languages: en, sv
Expires: 2026-12-01T00:00:00.000Z