Vulnerability Disclosure Policy

Last updated: 26 February 2026

1. Our Commitment

Infuzest Ltd (SimpleTaxFlow) takes the security of our platform and your data seriously. We welcome responsible disclosure of security vulnerabilities from researchers and users. This policy explains how to report vulnerabilities and what you can expect from us.

2. Reporting a Vulnerability

If you believe you have discovered a security vulnerability, please report it to security@infuzest.co.uk. Please include:

  • Sufficient detail to reproduce the issue, including steps, URLs, and screenshots where relevant
  • The type and impact of the vulnerability
  • Any proof-of-concept or exploit code (if applicable)

We aim to acknowledge receipt within 48 hours and provide an initial assessment within 7 days.

3. What We Ask of You

We request that you:

  • Do not publicly disclose the vulnerability until we have had a reasonable opportunity to investigate and remediate it.
  • Make a good-faith effort to avoid privacy violations, destruction of data, or disruption of services.
  • Do not access or modify data belonging to other users.

4. What You Can Expect

We will investigate all valid reports promptly and keep you informed of progress. For confirmed vulnerabilities, we will work to remediate them and, where appropriate, credit you in our acknowledgements. We do not offer monetary rewards for vulnerability reports, but we appreciate the contribution to our security.

5. Out of Scope

Social engineering, physical security issues, and issues in third-party services (e.g. HMRC, WhatsApp) are generally out of scope. Low-severity issues such as missing security headers may be accepted but deprioritised.

6. Contact

For any questions about this policy or to report a vulnerability, contact us at security@infuzest.co.uk.