Gridex AIGridex AI

Vulnerability Disclosure Policy

Last Updated: November 2025

1. Introduction

Gridex AI (operated by TeleCetli Kft.) is dedicated to preserving data security by preventing unauthorized disclosure of information. This policy was created to provide security researchers with instructions for conducting vulnerability discovery activities and to provide information on how to report vulnerabilities that have been discovered. This policy explains which systems and types of activity are covered, how to submit vulnerability reports, and how long we require you to wait before publicly reporting vulnerabilities identified.

2. Guidelines

We request that you:

  • Notify us as soon as possible after you discover a real or potential security issue
  • Provide us a reasonable amount of time to resolve the issue before you disclose it publicly (minimum 90 days)
  • Make every effort to avoid privacy violations, degradation of user experience, disruption to production systems, and destruction or manipulation of data
  • Only use exploits to the extent necessary to confirm a vulnerability's presence. Do not use an exploit to compromise or obtain data, establish command line access and/or persistence, or use the exploit to "pivot" to other systems
  • Once you've established that a vulnerability exists or encounter any sensitive data (including personal data, financial information, or proprietary information or trade secrets of any party), you must stop your test, notify us immediately, and keep the data strictly confidential
  • Do not submit a high volume of low-quality reports

3. Authorization

Security research carried out in conformity with this policy is deemed permissible. We'll work with you to swiftly understand and fix the problem, and Gridex AI will not suggest or pursue legal action in connection with your research conducted in good faith and compliance with this policy.

4. Scope

This policy applies to the following systems and services:

4.1 Out of Scope

Any service that isn't explicitly specified above, such as related services, is out of scope and isn't allowed to be tested. Vulnerabilities discovered in third-party solutions Gridex AI interacts with (such as Azure OpenAI, Keycloak, Cloudflare, etc.) are not covered by this policy and should be reported directly to the solution vendor in accordance with their disclosure policy.

Note: Before beginning your inquiry, email us at [email protected] if you're unsure whether a system or endpoint is in scope.

5. Types of Testing

The following test types are **not authorized**:

6. Reporting a Vulnerability

To report any security flaws, send an email to:

[email protected]

Subject: [SECURITY] Vulnerability Report

We'll acknowledge receipt of your vulnerability report within the next business day and keep you updated on our progress. Reports can be submitted anonymously if you prefer, though providing contact information allows us to communicate with you about the issue.

7. Desirable Information

In order to process and react to a vulnerability report effectively, we recommend including the following information:

If possible, please provide your report in English or Hungarian.

8. Our Commitment

If you choose to provide your contact information, we promise to communicate with you in a transparent and timely manner:

9. Recognition

We appreciate the security research community's efforts in helping us maintain a secure platform. While we do not currently offer a bug bounty program, we are happy to publicly recognize researchers who responsibly disclose vulnerabilities (with your permission).

10. Contact Information

Security Contact: [email protected]

Security Officer: Tamas Szilagyi

TeleCetli Kft.

7634 Pécs, Darázs dűlő 70., Hungary

Legal

Privacy PolicyTerms of ServiceCookie Settings

Security

Information SecurityIncident ResponseVulnerability Disclosure

Help

Support

© 2026 Gridex AI. All rights reserved.

Back to Gridex AI