Security

This page explains how to report security issues and gives a high-level overview of the practices we use to protect VELA systems and customer data.

Last updated 2026-05-15

Responsible disclosure

Plain-English summary

If you discover a vulnerability, contact security@vela.watch with enough detail to reproduce it. Please do not exploit, exfiltrate, or publicly disclose issues before we have had a reasonable chance to investigate.

How to report an issue

Send security reports to security@vela.watch. Include the affected URL, product surface, reproduction steps, impact, and any logs or screenshots that help us validate the issue quickly.

  • Do not access accounts or data that do not belong to you.
  • Do not degrade service availability for customers.
  • Do not publicly disclose a vulnerability before coordinated review.

High-level controls

VELA uses layered controls such as access restrictions, credential hygiene, infrastructure segmentation, vendor controls, abuse prevention, logging for security operations, and change-management practices. Security controls are reviewed and updated as the platform evolves.

Incident response

When we become aware of a security issue, we investigate, contain, assess impact, implement remediation, and take follow-up measures as appropriate. Customer communications are handled according to the severity of the event, contractual commitments, and legal requirements.

Scope and safe harbor

We welcome good-faith reports that help improve the safety of the service. Good-faith testing is not a license to access data, bypass controls, or overload systems. We reserve the right to decide whether a report falls within acceptable disclosure boundaries.

No bounty promise: Unless separately announced in writing, this page does not create a bug bounty program or payment obligation.

Contact