1. Our Commitment

Verinty is committed to protecting the security of our platform and the businesses that trust us with their identity data. We welcome responsible disclosure of security vulnerabilities.

2. How to Report

If you discover a security vulnerability in Verinty, please report it to:

security@verinty.com

Please include:

Description of the vulnerability
Steps to reproduce
Potential impact
Your contact details (optional)

We do not require you to identify yourself to report a vulnerability.

3. Our Response Commitments

Acknowledge receipt within 48 hours
Provide a status update within 7 business days
Notify you when the vulnerability is resolved (if contact details provided)
Not pursue legal action against researchers acting in good faith

4. Scope

In scope:

app.verinty.com.au
verinty.com
enterprise.verinty.com
API endpoints at app.verinty.com

Out of scope:

Third-party services (Supabase, Railway, Vercel) — report these to the respective vendors
Social engineering attacks
Physical security
Denial of service attacks

5. Responsible Disclosure Guidelines

Please:

Allow reasonable time for us to fix the issue before public disclosure
Not access or modify user data beyond what is necessary to demonstrate the vulnerability
Not degrade platform performance or availability
Not exploit vulnerabilities beyond proof of concept

6. Recognition

We genuinely appreciate security researchers who help keep Verinty safe. While we do not currently operate a bug bounty programme, we acknowledge responsible disclosure publicly where researchers consent.

Contact: security@verinty.com

Responsible SecurityDisclosure Policy