Security Contact

Reporting Security Vulnerabilities

Report security vulnerabilities in Complexio's enterprise automation platform to security@complexio.com. For sensitive reports requiring encryption, use our PGP public key. Critical issues should include "[CRITICAL SECURITY]" in the email subject line.

Your report should specify the affected system, reproduction steps, and potential impact. Include proof-of-concept code when available, but avoid accessing customer data or disrupting production services.

Response Process

We acknowledge all reports within 24 hours and provide status updates every 5 business days. Our investigation follows standard vulnerability assessment procedures, with remediation timelines based on CVSS severity scoring.

We coordinate public disclosure timing with researchers and provide recognition through our security acknowledgments page unless you prefer anonymity.

Research Scope

Testing is authorized on Complexio-owned infrastructure and public-facing applications. Demo environments are available upon request. Customer-deployed instances require explicit customer permission before testing.

Do not attempt social engineering, physical facility testing, or any activity that could impact service availability or data integrity.

Safe Harbor

Researchers following these guidelines will not face legal action. We maintain confidentiality during investigation and work collaboratively toward resolution.

Additional Resources

The complete vulnerability disclosure policy is available in our security.txt file following RFC 9116 standards 1. General support inquiries for our products should be directed to your appointed customer success manager at Complexio.

Emergency Contact: security@complexio.com

Business Hours: Monday-Friday, 9:00-17:00 CET

Response SLA: 24 hours