AccountSupport
CYBNODE logo
Legal[ Policies & Terms ]

CYBNODE Legal Centre

Explore our comprehensive collection of legal policies, terms of service, and regulatory compliance documents. Our legal centre provides transparent access to important information about your rights, our obligations, and how we handle your data and privacy.

Policies

Legal Policy

Vulnerability Disclosure Policy

Cybnode takes security, vulnerability, and privacy very seriously. We value the contributions of the security research community and appreciate your efforts to uncover vulnerabilities.

Safe Harbor

Cybnode will not initiate legal action against individuals or organizations who discover and report vulnerabilities in accordance with this policy. We consider research and reporting conducted under this policy to be authorized and beneficial.

To qualify for safe harbor, you must:

  • Act in good faith and avoid harming Cybnode, our users, or our clients. This includes not disrupting services or corrupting/destroying data.
  • Make every effort to avoid accessing, downloading, or modifying data that does not belong to you. If you inadvertently access sensitive data, stop immediately and report it to us.
  • Do not publicly disclose the vulnerability until we have had a reasonable amount of time to remediate it.
  • Comply with all applicable laws, such as those in your location and in the United Kingdom, where Cybnode operates.

Scope

In-Scope Assets

This policy applies to vulnerabilities found in the following Cybnode products and services:

  • www.cybnode.com

This policy only covers assets that can be accessed remotely.

Out-of-Scope

The following assets and activities are not covered by this policy:

  • Any exploit that requires physical access to Cybnode property or data centers.
  • Third-party services or applications that integrate with Cybnode.
  • Social engineering (e.g., phishing, vishing) of Cybnode employees or customers.
  • Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks.
  • Reports from unverified automated scanners. We do accept reports that use scanner output as a starting point, but they must be accompanied by manual validation and a proof-of-concept.

How to Submit a Report

If you believe you have found a vulnerability, please submit your report to [email protected].

To help us process your report quickly and efficiently, please include:

  • A clear title and description of the vulnerability.
  • Step-by-step instructions to reproduce the issue, including any necessary tools or scripts.
  • Supporting evidence such as screenshots, logs, or proof-of-concept code.
  • The potential impact of the vulnerability.

We will use secure methods, such as SMIME or a dedicated platform, for sensitive communication.

What You Can Expect from Us

  • We will acknowledge receipt of your report within 10 business days.
  • We will prioritize reports based on their clarity, supporting evidence, and potential impact.
  • We will work to identify and remediate confirmed vulnerabilities in a timely manner.
  • We will maintain open and transparent communication throughout the process.

Recognition

For confirmed vulnerabilities, Cybnode will provide full credit to the first researcher or organization to report the issue, after the vulnerability has been identified and fixed. With your permission, we will acknowledge your contribution in a future Hall of Fame or similar news platform.

Policy Guidelines

  • Please test only on assets listed as in-scope.
  • Do not access, modify, or exfiltrate any data belonging to Cybnode or its customers.
  • Please interact with our team professionally. We will not tolerate threats or extortion.
  • Please read and adhere to this policy before conducting any testing.

Policy Changes

This policy may be updated at any time. We will notify existing customers of significant changes.

Approved by: Cybnode Executive Board

Signed by: Michal Nowakowski

Last updated: 24/10/2025

Next Review: 24/10/2026

Download as PDF