Vulnerability Disclosure Policy
Last Updated: November 2025
1. Introduction
Gridex AI (operated by TeleCetli Kft.) is dedicated to preserving data security by preventing unauthorized disclosure of information. This policy was created to provide security researchers with instructions for conducting vulnerability discovery activities and to provide information on how to report vulnerabilities that have been discovered. This policy explains which systems and types of activity are covered, how to submit vulnerability reports, and how long we require you to wait before publicly disclosing the vulnerabilities you have identified.
2. Guidelines
We request that you:
- Notify us as soon as possible after you discover a real or potential security issue
- Provide us a reasonable amount of time to resolve the issue before you disclose it publicly (minimum 90 days)
- Make every effort to avoid privacy violations, degradation of user experience, disruption to production systems, and destruction or manipulation of data
- Only use exploits to the extent necessary to confirm a vulnerability's presence. Do not use an exploit to compromise or obtain data, establish command line access and/or persistence, or use the exploit to "pivot" to other systems
- Once you've established that a vulnerability exists or have encountered any sensitive data (including personal data, financial information, or proprietary information or trade secrets of any party), you must stop your test, notify us immediately, and keep the data strictly confidential
- Do not submit a high volume of low-quality reports
3. Authorization
Security research carried out in conformity with this policy is deemed permissible. We'll work with you to swiftly understand and fix the problem, and Gridex AI will not suggest or pursue legal action in connection with your research conducted in good faith and compliance with this policy.
4. Scope
This policy applies to the following systems and services:
4.1 Out of Scope
Any service that isn't explicitly specified above, such as related services, is out of scope and isn't allowed to be tested. Vulnerabilities discovered in third-party solutions Gridex AI interacts with (such as Azure OpenAI, Keycloak, Cloudflare, etc.) are not covered by this policy and should be reported directly to the solution vendor in accordance with their disclosure policy.
Note: Before beginning your inquiry, email us at [email protected] if you're unsure whether a system or endpoint is in scope.
5. Types of Testing
The following test types are **not authorized**:
6. Reporting a Vulnerability
To report any security flaws, send an email to:
Subject: [SECURITY] Vulnerability Report
We'll acknowledge receipt of your vulnerability report within the next business day and keep you updated on our progress. Reports can be submitted anonymously if you prefer, though providing contact information allows us to communicate with you about the issue.
7. Desirable Information
In order to process and react to a vulnerability report effectively, we recommend including the following information:
If possible, please provide your report in English or Hungarian.
8. Our Commitment
If you choose to provide your contact information, we promise to communicate with you in a transparent and timely manner:
9. Recognition
We appreciate the security research community's efforts in helping us maintain a secure platform. While we do not currently offer a bug bounty program, we are happy to publicly recognize researchers who responsibly disclose vulnerabilities (with your permission).
10. Contact Information
Security Contact: [email protected]
Security Officer: Tamas Szilagyi
TeleCetli Kft.
7634 Pécs, Darázs dűlő 70., Hungary
