RevuFlex Ltd welcomes reports from security researchers and users who discover potential vulnerabilities in our applications, websites, or infrastructure. We are committed to investigating all reports and addressing verified issues promptly.
How to Report a Vulnerability
If you have discovered a security vulnerability in any RevuFlex product or service, please email us with full details:
Please include, where possible:
- A clear description of the vulnerability
- Steps to reproduce the issue
- The affected product, URL, or endpoint
- Any proof-of-concept code, screenshots, or logs (ensure no real user data is included)
- Your name or handle (optional) if you would like to be credited
Scope
The following are in scope for responsible disclosure:
- Mobile applications published by RevuFlex Ltd (including One More Tile on iOS and Android)
- Websites under the
revuflex.com domain
- Backend APIs and infrastructure we operate
Out of scope:
- Third-party services we do not control (e.g. Supabase, AWS, Facebook, Google)
- Issues already publicly known or in queue for remediation
- Denial-of-service (DoS/DDoS) testing
- Social engineering against RevuFlex personnel
Our Commitment
- We will acknowledge your report within 5 business days
- We will investigate and provide a resolution timeline within 30 days
- We will credit you in our security acknowledgements (if you wish) once the issue is resolved
- We will not pursue legal action against researchers who act in good faith and comply with this policy
Safe Harbour
Good-faith security research is welcomed. Please:
- Do not access, modify, or destroy user data that is not your own
- Do not disrupt service availability for other users
- Give us a reasonable time to remediate before public disclosure
- Comply with all applicable laws
Researchers who act in accordance with this policy will not be subject to legal action by RevuFlex Ltd.
security.txt
Machine-readable disclosure metadata (per RFC 9116) is available at: