Security
Responsible Disclosure
Updated: 2026-07-01
We welcome reports from security researchers. Report in good faith and we won't take legal action.
Report to
support@sveasms.se. Feel free to use our PGP key, available on request.
What to include
- Description of the vulnerability.
- Steps to reproduce.
- Potential impact.
What you get back
- Acknowledgement within 48 hours.
- Update every 7 days until fixed.
- Public hall of fame with your name if you want.
What you may not do
No automated scanning that disrupts production. No social engineering. No exfiltration of customer data.