Resources
Security
How we protect our platform and what to do if you find a vulnerability.
Our Security Practices
Encryption
All data in transit is encrypted using TLS 1.2 or higher. Sensitive data at rest is encrypted using AES-256.
Access Control
Role-based access control with least-privilege principles. All privileged access requires MFA and generates audit logs.
Vulnerability Management
Regular internal reviews and dependency scanning. Critical vulnerabilities are patched within 24 hours of discovery.
Incident Response
Defined incident response procedures with clear SLAs. Affected customers are notified within 72 hours of a confirmed breach, in line with GDPR Art. 33.
Responsible Disclosure Policy
We take security seriously and welcome reports from security researchers and the community. If you believe you have found a security vulnerability in any Akarguard system, please report it to us responsibly.
What to report: Authentication bypasses, data leakage, injection vulnerabilities, misconfigured security headers, privilege escalation, or any other vulnerability that could affect the confidentiality, integrity, or availability of Akarguard systems or customer data.
How to report: Email security@akarguard.net with a clear description of the vulnerability, steps to reproduce, and any supporting evidence (screenshots, proof-of-concept code). Encrypt sensitive reports using our PGP key (available on request).
What to expect: We will acknowledge your report within 2 business days and aim to triage and respond with an initial assessment within 7 days. We will keep you updated as we work towards a fix.
Disclosure Guidelines
- Do not attempt to access or modify customer data that does not belong to you
- Do not perform DoS or DDoS attacks against Akarguard or our customers
- Do not use automated scanning tools without prior consent
- Give us reasonable time to remediate before public disclosure
- Act in good faith — we will do the same
We do not operate a paid bug bounty programme at this time, but we will acknowledge researchers who report valid, responsibly-disclosed vulnerabilities.
Security contact