SveaSMSSveaSMS
Security

Responsible Disclosure

Updated: 2026-07-01

We welcome reports from security researchers. Report in good faith and we won't take legal action.

Report to

support@sveasms.se. Feel free to use our PGP key, available on request.

What to include

  • Description of the vulnerability.
  • Steps to reproduce.
  • Potential impact.

What you get back

  • Acknowledgement within 48 hours.
  • Update every 7 days until fixed.
  • Public hall of fame with your name if you want.

What you may not do

No automated scanning that disrupts production. No social engineering. No exfiltration of customer data.